
LulzSec Topples EVE Online, Minecraft, League of Legends and other Servers - ghurlman
http://www.gamepro.com/article/news/220418/updated-lulzsec-topples-eve-online-escapist-magazine-minecraft-and-league-of-legends-servers/
======
citricsquid
When they're attacking Sony it's "righteous" and "good", when they're
attacking companies we _like_ they're "bad" and "immature". They've always
stated their intention is to create "lulz" and just do whatever damage they
can, apparently people overlooked this when they were attacking people
_everyone_ "hated". Luckily Minecraft wasn't down for too long, some of us are
directly affected by this stuff, sigh.

The internet is a shitty place.

~~~
lwat
These attacks are annoying and damaging but in the long run they make our
internet stronger. If these didn't happen so often people would care a lot
less about security and robustness.

~~~
hugh3
Sure, and I can go around punching people in the face and tell 'em that I'm
doing 'em a favour by reminding them to always wear a full-face helmet when
out in public.

But if nobody except me is a big enough asshole to go round punching people in
the face at random...

~~~
fourk
The difference is that one of those people could very well return the favor
and give you a proper ass kicking, or determine your identity with relative
ease and file a complaint with the police.

The disincentives that exist for your example and those that exist for actions
similar to those taken by lulzsec are radically different.

The conclusion that people should walk around with full-face helmets is
ridiculous because of the existing disincentives for assaulting someone. The
conclusion that companies should secure their networks, not such an
unreasonable expectation.

~~~
roel_v
Right, the problem is that 'digital criminals' are a) not likely enough to get
caught, and b) not punished enough if/when they are.

What we need are stronger punishments against digital vandalism and profit-
oriented digital burglary alike, and more and stronger enforcement.

(not being sarcastic, in case anyone's wondering)

~~~
StavrosK
Good thing our politicians are listening and are prepared to clamp down hard
on illegal filesharing.

------
mindstab
Anyone want to go conspiracy theory with me and wonder if some government
agency wants more power to go after groups like anonymous and wikileaks and so
are doing this themselves to get both people and the rest of government on
board to give them more broad and exciting new powers (at our expense) to go
after the real groups?

~~~
blhack
I _keep_ hearing this conspiracy theory pop up in almost every thread both
here and on reddit about lulzsec's activities.

Can somebody give me a "worst case" scenario for a government crackdown on the
internet?

What's to stop me from running tor? From VPNing out of the country _myself_?
How would this alleged crackdown affect me?

And are you all new to the internet? Hacker groups like this have been around
since...ever. I will admit that their publicity seems to have been waning in
the last 5-6 years, but we're not really seeing anything new here. The only
new thing about it is that this time it's happening on twitter.

This isn't a government cover-up. This isn't a conspiracy. It's one or several
nerds doing what most nerds love to do: cause trouble. It's just that _this
time_ , it's happening on a much more public forum.

~~~
mindstab
What's to stop you? the government making it illegal to run hacking tools like
"tor" (see the silk road/bitcoin post on HN from earlier) etc illegal and
forcing your ISP to record any use of such and block you off the internet (see
france's 3 strikes, you as a person are not allowed on the internet law) and
report you and then possibly criminally prosecute you as well.

~~~
blhack
What you're suggesting is impossible.

>the government making it illegal to run hacking tools like "tor"

Do you think that there is nothing illegal that happens on the internet _now_?
How long was it illegal to export encryption? How many people actually cared?

>forcing your ISP to record any use of such and block you off the internet

The encryption standards that we all use are the same encryption standards
that are recommended by the NSA. Unless my ISP knows something that the rest
of the world doesn't, it's functionally impossible for them to see what I'm
doing if I'm either using tor, or tunneling out of the country on the back of
a VPN.

Tor was invented by the NSA, by the way, for exactly this purpose.

Look at what Iran/Egypt/etc have done to try and crack down on internet usage.
Or even China. Look at how successful that has been.

(It has been a failure)

~~~
a3_nm
Was Tor actually invented by the NSA? I didn't manage to find any sources for
that, could you provide one?

~~~
ontoillogical
Not the NSA, it came from the Navy. See here: <http://www.onion-router.net/>

~~~
blhack
Hmm, is the NSA a division of the Navy?

~~~
hugh3
Nope.

------
corin_
How is it that so much coverage of LulzSec still hasn't understood their
motives?

    
    
      The group's agenda isn't entirely clear right now
    

Yes, it is, they're doing it because they find it funny.

~~~
thinkalone
I think it's dismissive to jump to that conclusion - they're likely turning a
healthy profit by dumping lists of emails, credit card numbers, and zero-day
vulnerabilities on the black market.

~~~
intended
If they wanted to do that, then I don' think they would announce it. Offering
someone a bunch of private data, 0 days, credit card info, but then making it
useless in a few hours because you announce it to the world, hardly seems like
a viable/profitable business.

~~~
thinkalone
That works under the assumption that they release everything, when they have
explicitly said that they do not.

Specifically - information gained in the Bethesda
<http://pastebin.com/i5M0LB58> and whitehat <http://pastebin.com/MQG0a130>
raids has not been released.

------
pspeter3
Not that LulzSec has made sense up until now but why bother taking out online
video games? I feel like that's alienating the population that would normally
support or at least be indifferent about a group like LulzSec.

~~~
Roritharr
Not to be too cheezy, but i'd like to quote The Dark Knight here: "Some men
just want to watch the world burn."

~~~
pspeter3
Valid point and a great quote. It's just hard to believe such people exist
outside the realm of comic books.

~~~
hammock
Think of the Lulzsec activities as more of an art than an act of vandalism.
(Most taggers/spray painters feel the same way, and are also known to deface
their own stomping grounds)

edit to the downvoters: I'm not defending their actions, just putting myself
in their frame of mind

~~~
Overd0se
The do because they can. and the immense butthurt of the gamers is music to
their ears.

------
trotsky
Acting like defacers wasn't low brow enough, now they're just borrowing a ddos
botnet? What's next in this high tech crime spree, supergluing all the lock
tumblers at the local mall?

Is the lulz from laughing with them or at them?

~~~
felipemnoa
With them my friend, with them.

------
SoftwareMaven
Honestly (ex-Riot Games, League of Legends contractor) I wondered how well the
infrastructure choices for their login server would hold up. There was a huge
amount of complexity involved in it, which is REALLY hard to get right.

I just hope it wasn't code that I actually wrote that let them in. :) If I was
betting, though, I would bet that it was a vulnerability in Adobe LiveCycle
Data Services.

~~~
sbarre
As far as I can see, they didn't hack game servers, they DDOS'ed them...

------
shadowflit
CCP statement:
[http://www.eveonline.com/news.asp?a=single&nid=4616&...](http://www.eveonline.com/news.asp?a=single&nid=4616&tid=1)

I admit, I was at work for the entire downtime so it didn't bother me, but I
am pleased with their response to the situation. Hitting the big red button
may be a drastic step in response to DDOS, but at least they were willing to
take security seriously.

------
Apocryphon
I wonder if there's an ideological "faction" (not an actual group or
organization) of Anon hackers, the ones behind the hacktivism (pro-Wikileaks,
anti-dictators, anti-corruption in democracies), who feels like groups such as
LulzSec are tarnishing the reforming image of Anonymous. Prior to this month,
they were getting almost mainstream approval as supporters of liberation
movements in the third world.

~~~
hugh3
Isn't this exactly what we're seeing? A split of "anonymous" into folks who
want to piss on things for (often misguided but still there) political reasons
and folks who just want to piss on things for the, as it were, lulz?

------
abcd_f
There is a good expression for cases like this -

    
    
      To break is not to build
    

meaning it is much easier to break something than to build it in the first
place. And it holds so very true for virtually any networked app or service.

------
marcamillion
This is just getting tired and dumb now.

It's no longer funny.

It's like the joke you told at a party that everybody laughed at. Then you
told it 5 more times before you left the party.

Unfortunately, I don't see them stopping any time soon. Soo....

~~~
hugh3
Ah, but to _them_ , the more you complain that it's not funny any more, the
funnier it gets.

It's kinda like a destructive version of people who say "That's what she
said".

~~~
felipemnoa
Very true, indifference would make them stop.

~~~
marcamillion
Agreed. I wasn't going to say anything about it, but then every other day I
see a new story and I roll my eyes in disbelief that they have struck again -
then I don't say anything thinking it will be the last and wake up 2 days
later and the cycle repeats itself. So I had to say something this time.

The most ironic thing about all of this though is they are likely destroying
the very feature (anonymity) that they are exploiting.

All this does is give ammo to the record companies that want tight
restrictions on the internet. Once that happens, it's game over. They can't
win that one.

------
Jach
Why is this article suggesting people change their login details? Is this
anything more than a ddos, have the servers actually been compromised? Or is
it a warning to change _before_ they get compromised?

~~~
blutonium
Better safe than sorry. After the DDoS, CCP took the entirety of EVE down to
do a security audit. Minecraft seems sure that it was only a DDoS, but they
don't personal details on their servers like CCP does.

------
run4yourlives
These idiots won't be happy until the internet is locked up into a corporate
controlled gated community.

Being a p.i.t.a is not cool. Throw the book at them.

------
dmix
For those wondering what the motivation was, earlier in the day there was a
thread on escapist complaining about LulzSec hacking into Brink.

So LulzSec decided to take down that site and what I assume were a bunch of
other easy gaming targets.

------
itswindy
'Hackers' used to have a special status, but soon enough they'll be considered
like pirates were in the 17th century. It's just isn't cute anymore. Or
harmless.

~~~
felipemnoa
But pirates are considered cool by a lot of kids.

------
quizie
They have an twitter account, thus a quick phonecall to twitter from US gov
for an IP and mac address should put an end to all of this. Also they have a
site up, so simply check their dns and domain provider for a whois (most
likely private - so might require pushing). They are also on The Pirate Bay,
so they might have some IP data too. meh

~~~
mrlase
No. Not that easy. They use VPNs offshore chained together not to mention the
off shore vps' they have. Of course they would use protection when even just
getting on Twitter, so a phone call from the government would do very little
as the give would receive an IP from somewhere offshores that doesnt give a
damn about US law, providing time and security to lulzsec.

~~~
9999
I wonder how secure those VPN providers are. Regardless, my bet is that these
guys will get taken down via a Kaczynski vulnerability. That is, someone that
personally knows them will figure out that they are responsible and report
them to the authorities.

~~~
meric
Where did "Kaczynski vulnerability" come from? Your comment is the first
result I got googling it.

[http://www.google.com/search?client=safari&rls=en&q=...](http://www.google.com/search?client=safari&rls=en&q=Kaczynski&ie=UTF-8&oe=UTF-8#sclient=psy&hl=en&client=safari&rls=en&source=hp&q=Kaczynski+vulnerability&aq=f&aqi=&aql=&oq=&pbx=1&bav=on.2,or.r_gc.r_pw.&fp=2d73352299cad304&biw=1192&bih=664)

~~~
jonafato
Probably from Ted Kaczynski:

"David Kaczynski had once admired and emulated his elder brother, but had
later decided to leave the survivalist lifestyle behind.[74] He had received
assurances from the FBI that he would remain anonymous and that his brother
would not learn who had turned him in, but his identity was leaked to CBS News
in early April 1996."

<http://en.wikipedia.org/wiki/Ted_Kaczynski#Arrest>

------
yayadarsh
Does anyone else see this as an excuse to limit Net Neutrality by various
world governments? I hope these actions which are carried out for the sheer
'lulz' don't lead to more concerns with the freedom of our wonderful worldwide
web.

That, is the opposite of 'teh lulz.' :|

------
PaintBucket
I doubt Minecraft is too upset by this. The free publicity probably gained
them many more customers.

------
goombastic
Makes me think how much of this is going to be used as a pretext for new
legislation.

------
sigzero
Freaking idiots! Get off my lawn!

------
shareme
Something does not add up....

Notice that certain targets are avoided? What I mean by targets is that
everything is low hanging fruit only..a sql injection here and sql injection
there...nothing really highly skilled. Also targets missing from the list is
heavy duty military and gov sites. For example, a low level FBI contractor was
attacked not FBI itself, not CIA, non DoD,etc.

The conclusion I come up with is that LulzSec was infiltrated to get anonymous
by government agents. After they get anonymous they might figure that they
than have info on how to get wikileaks.

~~~
william42
Or, Hanlon's Razor, LulzSec aren't magical security geniuses and they're
taking low-hanging fruit precisely because it's low-hanging.

------
noonespecial
I just hope that the league of american white old men doesn't meet and decide
that the answer to Lulzsec is naturally the removal of more freedoms for the
sake of security and much easier wiretapping by the FBI.

~~~
hugh3
Really? You had to bring race into it?

~~~
thebooktocome
If he's talking about the FBI, he's talking about USGOV.

If he's talking about USGOV, the demographics of Congress, the Cabinet, and
the Supreme Court are pretty clear.

~~~
noonespecial
It has apparently become unfashionable to mention this fact. I hereby retract
"league of american white old men" and substitute instead "league of american
over-reacting nannystate citizen-leaders of indeterminate age, race, or sex".
_(1)_

 _(1) They also may or may not have formerly said "Ni!" Hacker News, like
Camelot, can sometimes be a very silly place._

