Tag Archives: LulzSec

Legal Concerns over Cloud Computing

A recent Backup Technology blog briefly touched upon the legal concerns that many businesses have when considering a move to the cloud. This post looks to explore those concerns further. Many of the concerns relate to the lack of regulation in cloud computing, which often makes some larger corporations fearful in case something goes wrong with the service.

Although cloud computing is picking up momentum, it has yet to be taken up on a large scale by big corporations, who still prefer to use hardware. Two of the reasons that many big corporations give for not moving more of their IT to the cloud are concerns over responsibility for the service provided and data security. Understandably, lawyers of big corporations are concerned that when things do go belly up, they will not be able to hold the cloud provider responsible, and even more worryingly they may in fact be liable themselves. This is a major stumbling block for many large corporations who would otherwise be quite keen to make a push to the cloud.

Many are calling for tighter regulation of the cloud computing industry, as well as changes to make legislation better suited to the cloud. As things stand, US law does not empower prosecutors to hold cloud providers accountable for criminal activity facilitated by the cloud. This is not to say that the cloud provider itself did anything illegal, but that it simply allowed crime to occur by hosting a service for the criminal organisation.

A prime example is that of CloudFlare and LulzSec. LulzSec, a hacking group with ties to other high-profile groups such as Anonymous, used CloudFlare to host their operations during June 2011, in which they targeted websites such as that of the CIA, gaming website The Escapist and the sandbox game Minecraft. CloudFlare, a website optimisation and security company, managed to escape liability for the attacks even though they had been hosting LulzSec’s website for several weeks. In theory, CloudFlare could have helped with any attempt to prevent the attacks from happening but chief executive Matthew Prince chose not to take the website offline. In fact, his company did quite the opposite, and continued to provide their service designed to protect LulzSec’s website from attack.

A recent article in Cloud Times has suggested that legislation needs to change so that the cloud computing industry can be policed properly. This is emphasised by the CloudFlare story, where a company was knowingly defending and hiding the website of a criminal organisation, but was not held accountable by any authority, because current legislation does not allow it. For cloud computing to be adopted by big business on a large scale, this is something that needs to change.

Favoured Website for Hackers to Dump Data is set to Take Action

Jeroen Vader, the owner of the website Pastebin.com, has announced that he plans to hire extra staff that will monitor the content that is put on the website. The sole purpose of the new employees will be to scout around the website and reduce the amount of time that stolen data remains on the website.

In recent times, Pastebin.com has become a favoured website with hacktivist groups such as LulzSec and Anonymous, who dump large amounts of stolen data and leave it there for all to see.

Vader has revealed that since he became the owner of the website in 2010, its popularity has increased and it now attracts on average 17 million visitors a month. With the website attracting so many people, the monitoring system that is in place to flag up any inappropriate data is struggling to keep up. At the moment, Vader is relying on an abuse report system to flag up any inappropriate data but it has now reached the stage where the system isn’t responsive enough. On average, Pastebin currently receives 1,200 abuse reports a day and therefore the need for extra staff to monitor the content on the website is becoming more important.

Vader stated, “I am looking to hire some extra people soon to monitor more of the website content, not just the items reported. Hopefully this will increase the speed in which we can remove sensitive information.”

Members of the website are asked not to post personal or stolen pieces of information but this does not deter members of the hacktivist groups. The website is also used by hacktivists to test the effectiveness of distributed denial-of-service (DDoS) attack tools. The aim of these tools is to make a computer or network resource unavailable to its intended users.

Vader commented, “In the last three months not a single day has gone by that we didn’t get some kind of DDoS attack. I do hear from people in the hackers’ community that many hackers like to test their DDOS skills on Pastebin.”

Once the new employees are in place, it will be interesting to see whether the hacktivist groups continue to dump stolen data on this website if the length of time that it remains on the site is reduced.

LulzSec: A Drop in the Ocean of Cybercrime.

The LulzSec ringleader, 28-year-old Hector Xavier Monsegur, has been working closely with the FBI since he was secretly arrested last June. The type of deal he struck with the FBI has not been specified; however, it is assumed it will have reduced his jail sentence from 124 years.

The list of arrests on Tuesday included one in the United States, two in the UK and two in Ireland.

With the huge amount of hype and press coverage following the worst year of cyber attacks in corporate history, it is no surprise that 20,000 people showed up to the RSA conference last week in San Francisco.

Talks were to highlight the current cyber security crisis and review proposed legislation. During the presentations, FBI director Robert Mueller predicted that cyber threats were set to surpass terrorism as the country’s top threat.

Gregory Roll, who went to the conference for advice on security procedures for his large corporate finance employer, had this to say: “It’s a constant battle, and we’re losing.”

There appeared to be an overall negative vibe at the convention as people who tipped up for advice came away feeling more nervous, as they heard various CEOs tell their data breach horror stories.

Such stories included that told by James Bidzos, CEO of core internet infrastructure company Verisign, which lost data to hackers in 2010. In addition, the CEO of Symantec, Enrique Salem, told the audience how the company had recently had their 2006 source code stolen.

Art Coviello, Executive Chairman of RSA said he hoped that something positive could come out of his company’s misfortune through breaches being taken more seriously.

“People have definitely talked more seriously after our breach.”

Met Police Take To Twitter

The Metropolitan Police have joined hacking groups in using Twitter as a free publicity platform to get their message out there. The idea is to warn cyber criminals that they will not let up when it comes to tracking them down.

They commented, “the investigation into the criminal activity of so-called ‘hacktivist’ groups Anonymous and LulzSec continues.”

“Under UK law it is an offence if a person acts from within the UK upon a computer anywhere else in the world. It is also an offence for someone anywhere else in the world to criminally affect a computer within the UK,” the tweet stated.

A link attached to the Tweet then elaborated on how anyone risking accessing a computer without authority would face imprisonment.

The move to Twitter has come after the arrest of Jake Davis. The 18-year-old Shetland resident, who identifies himself as ‘Topiary’ online, is facing a total of five charges involving a number of attacks on corporate and governmental bodies.

It seems that now Anonymous at least is turning its attention to the US and has already promised a number of attacks on American governmental bodies. Outside of a ‘free Topiary’ campaign the group is yet to announce another operation on British soil.

A recent Tweet read, “NSA, CIA, FBI, YOUNAMEIT: You all have our data. How about the public receives all of your data? Working on it.”

The Sun Suffers Data Breach

A hacking attack on the Sun’s website has led to thousands of people’s data being compromised.

News International, which oversees the publication of the paper, has emailed thousands of people to let them know that hackers have stolen their personal details and have posted them publicly on the popular hacking site, Pastebin.

An email sent on Monday evening by the director of customer care for News International, Chris Duncan, stated that “some customer information from competitions and polls was breached.”

Data stolen includes information from an Xbox competition, a Wrigleys football competition, a list of Scottish students as well as a forum for bullied people. Much of the information consists of personal information including phone numbers and addresses. Lucky for the Sun however, “no financial or password information was compromised,” Duncan said.

Duncan offered reassurance that News International is working closely with the police as well as the information commissioner “to ensure that all steps are taken to retrieve the files involved.”

Twitter has become the platform on which hackers appear to announce their work today, and this time was no different. Responsibility was claimed by the username Batteye.

It is unclear where Batteye is from; however, he has denied any association with the hacking group LulzSec, which has suffered 3 arrests in the past few weeks in Britain.

LulzSec have 4GB of incriminating emails belonging to the Sun which last month they said they may never release. However, with some of their members being arrested and a renewed interest in the Sun, there is a real danger they may change their mind.

LulzSec Target Brazilian Government

Two of the official Brazilian government websites were brought down during the early hours of Wednesday morning. The sites are the official web pages of the Brazilian government and the attack is the equivalent of bringing down the Downing Street site.

The sites were inaccessible this morning after LulzSec had flooded the site. Users simply received an error message stating that the site had suffered a timeout.

The Brazilian government adds to a growing list of victims which includes the CIA, the US Senate, the US television broadcaster PBS, Britain’s Serious and Organised Crime Agency, Sony and Nintendo.

LulzSecBrazil tweeted: “TANGO DOWN brasil.gov.br & presidencia.gov.br,” when the job was done.

On Monday night, 19-year-old Ryan Cleary was arrested in his family home. Scotland Yard claimed that a “significant amount of material” was seized.

Although there were no tweets for over 10 hours from LulzSec, they did eventually reply with two denials including:

“Seems the glorious leader of LulzSec got arrested, it’s all over now..wait..we’re all still here! Which poor bastard did they take down?”

His older brother Mitchell commented, “He’s not the sort of person to do anything mad or go out and let his hair down or do anything violent. He stays in his room – you’ll be lucky if he opens his blinds, but that’s just family isn’t it? I barely see him – I’m more of a footballer person – he’s more of an inside person.”

The arrest appears to have prompted a scam on Facebook. It has been alleged that people may be making commission through sharing a picture of two pixelated men leading another pixelated man away from a building.

“Sharing and liking the page, followed by clicking on the link, led me to third party webpages that urged me to download a program called iLividSetupV1.exe which attempted to install a series of toolbars,” Sophos senior technology consultant Graham Cluley stated in a blog post. “It is certainly inventive to exploit the breaking news story of the arrested hacker,” he added.
