Collateral Damage: In The Hunt For LulzSec, FBI Takes Down A Bunch Of Websites
from the making-omelets dept
As a bunch of folks have been sending in, the FBI raided a data center in Reston Virginia, seizing a bunch of servers and taking a bunch of sites offline (including some big names). This isn't -- as some suggested -- quite the same thing as the infamous ICE domain seizures. This sort of thing does happen from time to time, when law enforcement is seeking actual information on a server which is part of a larger criminal investigation. That said, it always amazes me how much collateral damage law enforcement does in these situations, when it seems like they could definitely be a lot more targeted. Even worse, the reports claim that the FBI is actually trying to chase down the loose hacker collective LulzSec, which seems like a waste of time. Frankly it seems like the FBI must have something more important to work on. That said, it does seem somewhat ironic that in trying to track down a group that has been taking down (somewhat random) websites, the FBI has also taken down a bunch of websites, including the popular blog network Curbed, and parts of the super popular utility Instapaper.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
I don't know about that. Major hacks, international attacks aimed to steal millions of credit card numbers, to hack into secure systems, and cause millions of damages seems like a pretty good thing to be working on.
Perhaps parts of the "popular blog network" were being used to guide the hackers. Do you know anything?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
That story was already debunked. But, carry on...
[ link to this | view in chronology ]
Re:
There fixed that for you.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
"aimed to steal millions of credit card numbers, to hack into secure systems, and cause millions of damages"
They caused no damages. Would you rather they had sat on the credit card numbers and sold them rather than release them? At least the people had fair warning.
'Perhaps parts of the "popular blog network" were being used to guide the hackers.'
The stupidity of this sentence doesn't warrant an intelligent or direct response.
[ link to this | view in chronology ]
Re: Re:
That is an oxymoron.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Also, the guy arrested in the UK is apparently just some kid that was running an IRC server that Lulzsec and Anonymous used from time to time. He was hardly a "ringleader" or even someone who would know the ringleaders.
Tbh, I bet they are all hiding using Tor, so the only way to track these people down is if they slip up in a big way.. like brag about the hacks on their Twitter or give out their personal info on IRC or something.
[ link to this | view in chronology ]
Re: Re: Re:
Ringleader? I thought these groups are loosely organized without top down leadership. It may be a problem if law enforcement is looking for ringleaders where none exist.
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
When it gets out of hand, the brains leave to form a new group. That is why lulzsec is an offshoot of anonymous, which is an offshoot of 4chan. When the brains no longer control the masses of kiddies, they move on.
This guy is probably pouring his guts out right now, crying like a little baby hoping that he doesn't spend 40 years in a federal butt slammin' prison.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Really? That's not what I have read concerning these groups.
Do you have some sort of citation for that or are you just going on the same assumptions of the government agencies who think all groups are organized in a top down fashion because they are incapable of thinking outside the box?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
lulzsec and anonymous and so on are really run by a very small group of people, with plenty of little splinter groups. The people at the top of the pile want the coverage that the masses of script kiddies offers to them. They can operate better when the police are spending their time tracking down 15 year olds running low orbit software.
It's the nature of the game. Something like this doesn't just happen as the will of a crowd, we are not the borg. There is always someone or a group of someones leading the pack.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
I am still not convinced. Consensus of a group does not require leadership.
And why do you keep characterizing these groups as made up of mostly "15 year old script kiddies"? Personally, I'd think the demographic must be somewhat older than that. What 15 year old wants their their computer privileges taken away over a social issue they probably don't really care that much about?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re:
The last round of anonymous busts pretty much all came up with minors and college freshmen, most of the raids were on Mom's basement. It was absolutely hilarious.
Even in a group there are leaders and their are followers. It's human nature. We don't work well as groups of equals, we work better in a hierarchal setup, with leaders and followers. Even if it isn't out intention to end up that way, it is human nature.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
"Getting access to the websites to look for clues is just one of the ways."
Which doesn't require taking them down, especially not in the numbers being talked about here. From what I've read, they've taken down entire racks because a site they wish to access is located on one of them, taking down numerous sites that have had nothing to do with the group. According to the linked article, they did this even though they were informed exactly where to find the individual servers they suspected of being involved, they just took the lot down anyway.
"the UK police caught a person who they think is one of the ringleaders of the entire operation, Ryan Cleary."
So you don't believe in innocent until proven guilty, right? AFAIK, we won't know until this afternoon exactly what he's being charged with, but the group itself has issued statements saying that he's only involved so much as far as they use one of his sites along with many others.
Far from a ringleader, he seems to be only tangentially affiliated with the group, and my personal suspicions are that the threat of prosecution is only being made to try and pressure him into giving up the identities of other members (which, of course, he may well not know). I await the facts with interest, but so far they don't seem to be pointing in the FBI's favour.
All we have so far are allegations and suspicion, yet you treat those as fact. We'll see how far this goes and whether anybody else will be prosecuted, but this hardly justifies the collateral damage being done.
[ link to this | view in chronology ]
Re:
I would love to see groups like Anon and Lulz build an actual legal business around hacking. They are showing with amazing speed just how vulnerable and outdated alot of sites are, sites which collect enormous amounts of personal data from their customers. Exposing those vulnerabilities could be really good in the long term if it means that companies with a large internet presence / community are required to actually respect their clients information and be on constant vigil against attacks.
[ link to this | view in chronology ]
Re: Re:
The truth is they are dunderheads for going after high profile targets, it makes them look bad and makes them a high priority target for law enforcement.
[ link to this | view in chronology ]
Re: Re: Re:
Actually, the truth is that Lulz and Anon are not the ones you should be worried about; it is the ones who you never see that should be keeping you up at night. Lulz and Anaon are attention seeking and narcissistic which will make it easier to round them all up eventually. The real hackers, who leave little if any trace while having extracted even greater amounts of information with completely opaque agendas should be the focus of LE's attention and priority.
JMHO
[ link to this | view in chronology ]
Re: Re: Re:
The sites AREN'T SECURE. That's the entire point from day one. They are making it abundantly clear that the sites need to be hardened more than they think/assume they are. They are showing people that you shouldn't just trust a big name company with all of your info/data because if they don't execute due diligence your data is as good as open to everyone.
It doesn't make them look bad, it makes the sites they've taken down look bad.
Not to mention, they're doing it for the Lulz
http://lulzsecurity.com/releases/1000th_tweet_press_release.txt
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
"...not to mention finding out the collateral damage [the FBI] caused in the hunt for lulz."
And finally we have the answer, they are just doing it for the lulz.
[ link to this | view in chronology ]
Re: Re:
As far as the info they're sharing - do I sense some are implying "3rd party responsibility" against Lulz here?
Because just putting it out there to show security breaches does not give anyone the RIGHT to use it for any means whatsoever and a law abiding citizen knows this.
Anyone who does misuse the info should, of course, be held accountable for THEIR misdeeds.
Just for the record and the "love-to-spew-hate" perps, I do understand the shock and horror anyone feels at finding out their passwords have been exposed. I would feel the same way - but would be upset with the entity who allowed it to happen, not Lulz.
[ link to this | view in chronology ]
Re:
How about Facebook?
[ link to this | view in chronology ]
Re:
There are all sorts of very serious hacker teams with serious malicious intent to steal credit cards and make money. I have no problem with seeking those guys.
LulzSec are making a statement. They're getting attention, but they're not really causing much harm. In the grand scheme of things, it seems like focusing on Lulz is missing the point in a big bad way.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
You know what they say...
Let's just hope they don't employ this tactic on terrorists...
[ link to this | view in chronology ]
Why?
[ link to this | view in chronology ]
Re: Why?
[ link to this | view in chronology ]
Re: Re: Why?
[ link to this | view in chronology ]
The problem is that Lulz has committed an unspeakable crime...
[ link to this | view in chronology ]
Re: The problem is that Lulz has committed an unspeakable crime...
[ link to this | view in chronology ]
Re: The problem is that Lulz has committed an unspeakable crime...
Our business has over 20,000 dropped (spam) emails a day. over 120,000 a week (over the weekends, rates drop). Assuming the average size is 50KB (rather large), that is over 1GB of useless internet traffic hitting our router(and mail filter) a day. It is a shame.
[ link to this | view in chronology ]
Re: Re: The problem is that Lulz has committed an unspeakable crime...
We block over 30k a day, a little over 200k a week, and 800k a month.
To put that in perspective: our spam firewall let only 35k messages through in the past 30 days. Out of 797k total messages incoming.
Spam is a disease.
[ link to this | view in chronology ]
Re: Re: Re: The problem is that Lulz has committed an unspeakable crime...
I couldn't agree more, but free speech and international treaties have nothing to do with it. It just isn't stoppable. Yea, filters are pretty good at stopping it now, but stopping it from ever being sent is near impossible.
[ link to this | view in chronology ]
Re: Re: Re: Re: The problem is that Lulz has committed an unspeakable crime...
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: The problem is that Lulz has committed an unspeakable crime...
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: The problem is that Lulz has committed an unspeakable crime...
I've heard the return rate on spam is very very small, but enough that if you cast a big enough net you stand to profit. Screw spam filters, just make it unprofitable to cast a huge net.
I'm not sure how that would apply to a service like Gmail, since those charges couldn't be rolled up into a monthly ISP bill. But this is all speculation on my part anyway.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: The problem is that Lulz has committed an unspeakable crime...
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: The problem is that Lulz has committed an unspeakable crime...
https://secure.wikimedia.org/wikipedia/en/wiki/E-mail_authentication
the problem is that dns is trusting meanign that every little domain need to implement controls in order to not be subject to phishing attacks then massively sending spam one of the better solutions that is out there is https://secure.wikimedia.org/wikipedia/en/wiki/Sender_Policy_Framework
unfortunately or I guess in a larger since fortunately the internet is still a open space where everyone can participate meaning everyone can to damage. stopping spam is possible like stopping crime is possible by a police state
[ link to this | view in chronology ]
Re: Re: Re: The problem is that Lulz has committed an unspeakable crime...
[ link to this | view in chronology ]
Re: Re: Re: The problem is that Lulz has committed an unspeakable crime...
[ link to this | view in chronology ]
Re: Re: Re: The problem is that Lulz has committed an unspeakable crime...
Along with trolling and stupid comments in general. They should all be banned and filtered at the ISP level.
/s
[ link to this | view in chronology ]
You all are goofy
[ link to this | view in chronology ]
Re: You all are goofy
[ link to this | view in chronology ]
Re: Re: You all are goofy
[ link to this | view in chronology ]
Re: Re: Re: You all are goofy
[ link to this | view in chronology ]
Re: You all are goofy
[ link to this | view in chronology ]
Re: Re: You all are goofy
[ link to this | view in chronology ]
Re: Re: Re: You all are goofy
Not necessarily. I didn't apply for or receive a Social Security Number until I was 15 years old. Since 1990, parents apply for SSNs for their children up to 1 year after birth, and this is now required by law, which I personally believe should be illegal and the child should apply for it when they first go for a job or become elegible to pay taxes or receive benefits. There are several examples of parents fraudulently using their children's SSNs. If dj haras was born before 1986, and didn't need it until 2002, he could have been granted that particular number.
[ link to this | view in chronology ]
Re: You all are goofy
I ran a check and that isn't your SSN. What'd you do, steal it?
[ link to this | view in chronology ]
Get off my lawn, you damn kids!
In reading all these attacks, it breaks my heart people have become too cowardly to stand up for themselves, especially in the arena of trying to get others to do the same.
If people stood together, they could take class-action suits against companies trying to cheat them or partake in inappropriate actions. Pooling the funds for legal recourse is much better than one trying to fight alone.
I get people are upset over this stuff, but taking their issues out on innocent people, who use these accounts, is bulllshit.
If anyone from Anonymous or LulzSec is reading this, perhaps you consider this before pretending you're fighting against "The Man".
In my eyes: you come off more a coward than a defender of rights. Those who defend want their name known.
Just my two cents.
[ link to this | view in chronology ]
Re: Get off my lawn, you damn kids!
I take a different view -- these anonymous acts aren't a sign that people have become cowardly, but indicative of how the world has changed. People can't take a stand for themselves because the playing field isn't level, and these anonymous attacks help put them back on even ground. I don't necessarily agree with their tactics, but I can sympathize to some extent.
If people stood together, they could take class-action suits against companies trying to cheat them or partake in inappropriate actions. Pooling the funds for legal recourse is much better than one trying to fight alone.
Unfortunately, I don't think that's true. Even if you can assume an unbiased judge (which I don't think is a safe assumption), regular people do not have the resources necessary to fight a real legal battle against their new oppressors -- not effectively, at least, not in a way that will bring lasting change. Recent history has shown that, at worst, Goliath will get a slap on the wrist and the "winners" will each get $8 retribution for their troubles. Nevermind that Goliath has multi-million dollar legal council on retainer, and the people have to tighten their belts and pool their money to scrape up any kind of representation. It's not a fair system.
I get people are upset over this stuff, but taking their issues out on innocent people, who use these accounts, is bulllshit.
I agree, though in a way making the apathetic feel pain is a good way to motivate them into awareness. To say LulzSec is doing that intentionally is giving them too much credit, I think, but I think it's fair to say that they are drawing attention to the things that are going on.
If anyone from Anonymous or LulzSec is reading this, perhaps you consider this before pretending you're fighting against "The Man".
In my eyes: you come off more a coward than a defender of rights. Those who defend want their name known.
Yeah, think of the heroes of legend: Batman, The Lone Ranger, Zorro. They all recognized that credibility came from your words and identity, not your actions, especially not when those actions run afoul of the established law of the land.
Just my two cents.
[ link to this | view in chronology ]
Re: Re: Get off my lawn, you damn kids!
And in joyous convergence those who they might be defending against also want the names and addresses of the defenders known.
Of course whether anonymous or lulzsec actually are defenders of any kind is another matter.
At least the CIA publish the names and addresses of all their agents, because they have balls. (Possibly yours and possibly in a vice but balls none the less)
[ link to this | view in chronology ]
Re: Re: Re: Get off my lawn, you damn kids!
"You can get much farther with a kind word and a gun than you can with a kind word alone."
Al Capone
[ link to this | view in chronology ]
Re: Re: Get off my lawn, you damn kids!
Especially I was puzzled why 9/11 terrorist attack was "cowardly" as it was put by officials. It was wrong on many other levels, but calling those people "cowards" for scarifying their lives for their beliefs, wtf?
[ link to this | view in chronology ]
Re: Re: Re: Get off my lawn, you damn kids!
Yeah, suicide bombers are "cowards", while people pushing buttons to launch cruise missiles from 8000 miles away are "brave heroes".
[ link to this | view in chronology ]
Re: Re: Re: Get off my lawn, you damn kids!
[ link to this | view in chronology ]
Re: Re: Re: Re: Get off my lawn, you damn kids!
The US government says the 9/11 attacks were an attack on the US. The US isn't exactly "unarmed", it has the world's largest and most powerful military. There simply is NO stronger or heavily armed enemy that they could have picked.
[ link to this | view in chronology ]
Re: Re: Re: Re: Get off my lawn, you damn kids!
[ link to this | view in chronology ]
Re: Get off my lawn, you damn kids!
Anonymous isn't about being unnamed, it describes the ad-hoc unstructured nature of the group. There is no leader, there is no peon, It's not "one trying to fight alone" it is in fact the opposite. It is a group taking unanimous collective action.
[ link to this | view in chronology ]
Re: Get off my lawn, you damn kids!
I just visited Philly and they have a treasonous document on display with lots of names, one in particularly large print. For the life of me, I can't remember what that document was. The interesting thing is how proud we are of our treason in the past, but now would gladly lock anyone up and throw away the key who would dare speak out like this today.
[ link to this | view in chronology ]
Re: Get off my lawn, you damn kids!
I vote for a new TechDirt badge: Lulz Coward.
[ link to this | view in chronology ]
2) Has the FBI even come out and said what it was they were looking for yet? That article eludes to it, but everything I've read so far says they've made no official comment. It's not a stretch to connect the hunt with the seizure, but it's also not exactly fact yet. After all, the FBI has a lot of agents, and probably work on more than 1 case at a time.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
The hard way?
[ link to this | view in chronology ]
Blackstone's formulation
[ link to this | view in chronology ]
Re: Blackstone's formulation
Fixed.
[ link to this | view in chronology ]
Re: Blackstone's formulation
ie. They're causing more damage than they aim to prevent.
[ link to this | view in chronology ]
my new hack
2. attack a different high profile target.
3. fbi will raid the data center with my server,
4. the actual target will be down for months, drowning in bureaucracy.
5. lulz
[ link to this | view in chronology ]
Re: my new hack
Nice try, but a fail.
[ link to this | view in chronology ]
Re: Re: my new hack
[ link to this | view in chronology ]
[ link to this | view in chronology ]
I don't understand why they can't get information from the sites without taking them down?
"That said, it does seem somewhat ironic that in trying to track down a group that has been taking down (somewhat random) websites, the FBI has also taken down a bunch of websites"
So maybe the group can use this to their advantage by figuring out ways to encourage the FBI to take down sites for them.
[ link to this | view in chronology ]
As the article states this person was arrested and it seems his only crime was hosting an IRC server that Luszsec had a chat room on. They grabbed the server looking for chat logs ?
Most servers do not log chat but i have been told there are a few that logging can be enabled on.
At least here in the US we have a 1st amendment right to talk freely........ or do we?
[ link to this | view in chronology ]
Re:
http://pastebin.com/MBEsm5XQ
[ link to this | view in chronology ]
Yep, sounds like the FBI is more efficient at taking down sites than the hackers.
but who knows - maybe that was the goal of the 'hacker', lol.
[ link to this | view in chronology ]
Re:
Accuse them of copyright infringement three times.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Instead of shutting down LulzSec . . .
It's like going after people breaking in to a facility that is secured with duct tape. Why not fix the security problem?
I would point out that Google removed Windows PC's after the Chinese hacking, and Google isn't exactly a small organization.
[ link to this | view in chronology ]
FBI Agent: ...Pulls out machine gun and starts firing aimlessly
[ link to this | view in chronology ]
Re:
If the thief could be construed to be remotely connected to "terrorism"***, then it could happen.
But then we wouldn't hear of it, because it would be a state secret.
*** terrorism: fear and terror that your obsolete business model might be affected by change
[ link to this | view in chronology ]
Be vewwy, vewwy, quiet.....I'm hunting wabbits!
[ link to this | view in chronology ]
Re:
Don't forget to bring The Holy Hand Grenade of Antioch just in case you run into one with really large fangs.
[ link to this | view in chronology ]
As an innocent person
[ link to this | view in chronology ]
Re: As an innocent person
[ link to this | view in chronology ]
Re: Re: As an innocent person
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Typical
That reminds me of cops killing people to keep them from killing themselves. "Hey, it's OK when WE do it!"
[ link to this | view in chronology ]