LulzSec hacking group 'disbands'

26 June 2011 Last updated at 11:32 GMT The Lulz Security group has used Twitter to draw further attention to itself A hacker group that has attacked several high-profile websites over the last two months has announced that it is disbanding.

Lulz Security made its announcement through its Twitter account, giving no reason for its decision.

A statement published on a file-sharing website said that its "planned 50-day cruise has expired".

The group leapt to prominence by carrying out attacks on companies such as Sony and Nintendo.

Broadcasters Fox and PBS, the CIA, and the United States Senate have also been cyber-attacked by the group.

As a parting shot, the group released a selection of documents apparently including confidential material taken from the Arizona police department and US telecoms giant AT&T.

Correspondents say LulzSec's announcement could be a sign that its members are nervous because of recent police investigations, including the arrest of a British man suspected of links to the group, and efforts by rival hackers to expose them.

'Microscopic impact' Continue reading the main story Rory Cellan-Jones Technology correspondent, BBC News

The disbanding of LulzSec might seem like an important victory for the forces of law and order - after all, this is the group credited with attacks on everything from Sony to the CIA.

But in this shadowy world of claims, boasts and posturing, nothing is quite what it seems. It may have been other members of the hacker "community" - disgruntled with the antics of LulzSec - who forced the group into retreat. A document posted online in the last 24 hours purports to be a history of LulzSec, complete with full details on its leaders. "We've been tracking and infiltrating these kids," says the document, and its account goes on to name people in the UK, Amsterdam and New York, along with their social networking profiles and other details.

The document, posted by something called the A-Team, looks convincing, with logs from IRC (Internet Relay Chat) conversations amongst the group. It ends by offering the "raw logs of everything" to any law enforcement agency.

But even if LulzSec has gone offline, its members and other hackers trying to make a name for themselves may soon pop up elsewhere. And the other question is whether we should take any publicity-hungry group like this too seriously. The real damage is more likely being done by criminal groups who wouldn't dream of boasting of their exploits on Twitter or anywhere else.

The group's identities remain anonymous and it has not been possible to contact its members directly to confirm its statement.

The statement said that "our crew of six wishes you a happy 2011".

"So with those last thoughts, it's time to say bon voyage," it added.

"Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind - we hope - inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic impact on someone, somewhere."

But LulzSec urged its supporters to carry on.

"We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us," the statement said.

"Please don't stop. Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve."

The group had previously told the BBC's Newsnight programme that it wanted to target the "higher ups" who write the rules and "bring them down a few notches".

In an online Q&A, the hacker known as Whirlpool, who described himself as "captain of the Lulz Boat", said that while the group had begun hacking "for laughs" - for which the word "lulz" is cyber-slang - it evolved into "politically motivated ethical hacking".

And in an interview with the Associated Press on Friday, a LulzSec member said the group had at least five gigabytes of "government and law enforcement data" from around the world, which it planned to release in the next three weeks.

Ryan Cleary, 19, from Wickford, Essex, was arrested as part of a Scotland Yard and FBI probe into LulzSec and charged with hacking the website of the UK Serious Organised Crime Agency.

View the original article here

Hacking suspect 'has Asperger's'

25 June 2011 Last updated at 13:32 GMT Mr Cleary was said to be highly intelligent A 19-year-old charged with hacking the website of the UK Serious Organised Crime Agency has been diagnosed with Asperger's syndrome, a court has heard.

Ryan Cleary, from Wickford, Essex, was arrested as part of a Scotland Yard and FBI probe into online hacking group LulzSec.

His counsel told City of Westminster Magistrates' Court he had the form of autism, along with agoraphobia.

He was granted bail, but remains in custody after prosecutors objected.

Ben Cooper, defending Mr Cleary, said he was concerned the alleged hacker would have to remain in custody over the weekend.

The court was told he is of high intelligence but has difficulty interacting with other people.

But prosecutors refused to reconsider their bail appeal.

Mr Cleary is alleged to have set up a distributed denial of service (DDOS) attack on the Serious Organised Crime Agency (Soca) on 20 June.

A DDOS attack typically involves flooding a target website with data, in an attempt to overwhelm it so it cannot serve its legitimate users.

'Botnet conspiracy'

He has been accused of attacking the website of the International Federation of the Phonographic Industry in November 2010.

And Mr Cleary also allegedly attacked the British Phonographic Industry's website in October.

He was charged under the Criminal Law Act and Computer Misuse Act by the Met Police's e-crime unit.

The alleged offences were carried out from this house in Essex

The charges against Mr Cleary include conspiring with other unknown people on or before 20 June to construct a botnet - a collection of hijacked home computers - to conduct distributed denial of service attacks.

He is also charged with making, adapting, supplying or offering to supply a botnet, intending that it should be used to commit, or to assist in the commission of a distributed denial of service attack.

The bail appeal will go to a Plea and Case Management Hearing at Southwark Crown Court on 30 August.

If Mr Cleary wins bail he will be banned from having any possession which can access the internet.

No internet access will be allowed at his home, which he will be prohibited from leaving without his mother, Rita Cleary.

Mr Cleary has not entered a plea to any of the charges.

View the original article here

History of hacking

9 June 2011 Last updated at 06:50 GMT By Mark Ward Technology correspondent, BBC News Sony has suffered a series of attacks by a variety of hacking groups The world is full of hackers, or so it seems. In the past few months barely a day has gone by without news of a fresh security breach.

Multi-national companies have been left counting the cost of assaults on their e-mail systems and websites.

Members of the public have had their personal information stolen and pasted all over the internet.

In the early decades of the 21st century the word "hacker" has become synonymous with people who lurk in darkened rooms, anonymously terrorising the internet.

But it was not always that way. The original hackers were benign creatures. Students, in fact.

To anyone attending the Massachusetts Institute of Technology during the 1950s and 60s, a hack was simply an elegant or inspired solution to any given problem.

Many of the early MIT hacks tended to be practical jokes. One of the most extravagant saw a replica of a campus police car put on top of the Institute's Great Dome.

Over time, the word became associated with the burgeoning computer programming scene, at MIT and beyond. For these early pioneers, a hack was a feat of programming prowess.

Such activities were greatly admired as they combined expert knowledge with a creative instinct.

Boy power

Those students at MIT also laid the foundations for hacking's notorious gender divide. Then, as now, it tended to involve mainly young men and teenage boys.

The reason was set out in a book about the first hacker groups written by science fiction author Bruce Sterling.

Continue reading the main story

6 June - Nintendo hit by Lulz Security

5 June - Sony Pictures Russia database leaked

3 June - Sony Europe database leaked

3 June - 10,000 Iranian government e-mails stolen by Anonymous

2 June - Sony Pictures database leaked

1 June - Defence group L-3 discloses it was hit in attack

1 June - Google reveals Gmail attack

30 May - Fake story about Tupac posted to PBS website

29 May - Honda Canada reveals 283,000 records stolen

27 May - Lockheed Martin reveals it has been hit by a hack attack

24 May - Sony Music Japan hacked

19 May - Nasa loses data to TinKode

Young men are largely powerless, he argued. Intimate knowledge of a technical subject gives them control, albeit over over machines.

"The deep attraction of this sensation of elite technical power should never be underestimated," he wrote.

His book, The Hacker Crackdown, details the lives and exploits of the first generation of hackers.

Most were kids, playing around with the telephone network, infiltrating early computer systems and slinging smack talk about their activities on bulletin boards.

This was the era of dedicated hacking magazines, including Phrack and 2600.

The individuals involved adopted handles like Fry Guy, Knight Lightning, Leftist and Urvile.

And groups began to appear with bombastic names, such as the Legion of Doom, the Masters of Deception, and Neon Knights.

As the sophistication of computer hackers developed, they began to come onto the radar of law enforcement.

During the 1980s and 90s, lawmakers in the USA and UK passed computer misuse legislation, giving them the means to prosecute.

A series of clampdowns followed, culminated in 1990 with Operation Sundevil - a series of raids on hackers led by the US Secret Service.

Group dynamic

But if Sundevil's aim was to stamp out hacking in the United States, it failed.

As connected systems became ubiquitous, so novel groups of hackers emerged, keen to demonstrate their skills.

Grandstanding was all part of the job for collectives like L0pht Heavy Industries, the Cult of the Dead Cow, and the Chaos Computer Club, along with individuals such as Kevin Mitnick, Mafiaboy and Dark Dante.

In 1998, L0pht members famously testified to the US Congress that they could take down the internet in 30 minutes.

Nintendo has also been hit by hackers keen to embarrass the gaming giant

Mafiaboy showed what he could do by crashing the sites of prominent web firms such as Yahoo, Amazon, Ebay and CNN.

Dark Dante used his knowledge to take over the telephone lines of a radio show so he could be the 102nd caller and win a Porsche 944.

Such actions demonstrate how hackers straddle the line separating the legal and illegal, explained Rik Ferguson, senior security researcher at Trend Micro.

"The groups can be both black or white hat (or sometimes grey) depending on their motivation," he said.

In hacker parlance, white hats are the good guys, black hats the criminals. But even then the terms are relative.

One man's hacker could be another's hacktivist.

Worldwide threat

If hacking was a business born in the US, it has gone truly global.

"In more recent times, groups emerged around the world in places as far flung as Pakistan and India, where there is fierce competition between the hackers," said Mr Ferguson.

In Romania groups such as HackersBlog have hit various companies. In China and Russia, many hackers are believed to act as proxies for their governments.

Now, in 2011, it is hacker groups making the headlines once again.

The Lulz Security hacker group pays homage to early computing with an ASCII image on its website

Two in particular, Anonymous and Lulz Security, have come to prominence with high profile attacks on Sony, Fox, HBGary and FBI affiliate Infragard.

"These stunts are being pulled at the same time as national governments are wringing their hands about what to do in the event of a concerted network attack that takes out some critical infrastructure component," said veteran cyber crime analyst Brian Krebs.

"It's not too hard to understand why so many people would pay attention to activity that is, for the most part, old school hacking - calling out a target, and doing it for fun or to make some kind of statement, as opposed to attacking for financial gain," he said.

A current favoured practice is to deface websites, leaving behind a prominent message - akin to the graffiti artist's tag.

According to Zone-H, a website which monitors such activity, more than 1.5 million defacements were logged in 2010, far more than ever before.

2011 looks like it will at least reach that total.

The sudden growth in the number of hackers in not necessarily down to schools improving their computing classes or an increased diligence on the part of young IT enthusiasts.

Rather, the explosion can likely be attributed to the popularity of Attack Tool Kits (ATKs) - off the shelf programs designed to exploit website security holes. Such software is widely available on the internet.

Bruce Sterling, with his future gazing hat on, has a view of what that will mean.

"If turmoil lasts long enough, it simply becomes a new kind of society - still the same game of history, but new players, new rules," he wrote.

And perhaps that is where we are now. Society's rules are changing but we're not sure who is doing the editing.

View the original article here

Citibank confirms hacking attack

9 June 2011 Last updated at 09:33 GMT The bank is under fire for not telling customers about the May breach Hackers have stolen data from thousands of Citibank customers in the US, the bank has confirmed.

The breach exposed the names of customers, account numbers and contact information.

But other key data, such as date of birth and card security codes were not compromised, the bank said in a statement.

Citigroup is the latest in a string of high profile companies to be targeted by cyber criminals.

It has been criticised for not telling customers about the breach when it happened in May.

"We are contacting customers whose information was impacted. Citi has implemented enhanced procedures to prevent a recurrence of this type of event," a Citi spokesman said in a statement to the Reuters news agency.

High alert

Around 1% of the bank's 21m account holders were affected - around 210,000 individuals.

The statement did not detail how the breach had occurred.

Security experts said the thieves may try to get hold of more information from those targeted.

"While Citi customers aren't likely to have fraudulent charges against their accounts as a result of this breach, they are likely to encounter social engineering attempts to enable further crime," blogged Chester Wisniewski, a consultant for security firm Sophos.

"Customers affected by this incident should be on high alert for scams, phishing and phone calls purporting to be from Citibank and their subsidiaries," he added.

Citigroup in the latest firm to be hacked in recent weeks. Japanese electronics group Sony is still recovering from the theft of millions of pieces of data from its network.

While security firm RSA has offered to replace the 40 million secure tokens used by people to log into banks after it emerged that key data that operates them had been stolen in March.

View the original article here