

LulzSec takes down cia.gov - pistacchio
https://twitter.com/#!/LulzSec/status/81115804636155906

======
lhnz
I have a couple of speculative questions and I wonder if anybody could help
answer them: (a) assuming governments attempt to use these recent events
politically to get legislation that gives them 'control' over the internet,
will they be able to stop DDoS' and hacks resulting from poor security in
organisations, or in the formers case a lack of caching/bandwidth, (b) if they
are using Tor, not giving away their personal information, and using a botnet,
how traceable are they? -- Will there be a money trail from the botnet owner
or is this impossible to find out, (c) if, instead of a couple of bored
teenagers, the hackers were experienced professionals could more damage be
caused to sites with higher security -- is this already going on?

~~~
gbrindisi
I'll try to reply:

(a) I doubt, but I don't really have an answer so I'll skip

(b) I think VPNing out from Tor and ride a botnet will make you pretty much
untraceable. It would be really hard to find you because of both technological
and legislational barriers (where is your VPN? and the bots? Qatar? Good
luck). Following the money trail would be a more reasonable way but still
electronic currencies are hard to trace (LibertyReserve, and so on) due to
foreign legislations and in the end they could always have funded themselves
from stolen credit cards (a quick search on pastebin and you can buy some for
yourself fresh from skimmers). And not talking about bitcoin.

(c) I don't think LulzSec are skiddies. A bunch of skiddies would be in jail
right now.

------
corin_
I know it wouldn't actually put a stop to what they are doing, but am I the
only one puzzled that the US Government hasn't (afaik) done anything visible,
such as seizing their .com domain, or asking/forcing Twitter to delete their
account?

------
mishmash
Funny but interesting, there are only 2k websites more popular than cia.gov in
the UAE:

<http://www.alexa.com/siteinfo/cia.gov>

------
nateberkopec
This...this is getting out of hand.

Is every website really this vulnerable to DDoS?

~~~
dedward
In general, yes - especially if those sites are not immediately revenue
generating.

The kind of infrastructure you need to defend against humungous DDOS attacks
does not come cheaply, whether bought or outsourced.

