It is worth highlighting that there is a whole ecosystem of bottom feeders in the world of government contracted 'whitehat hackers' & 'consultants'. They know as much about security as one can pick up from a 'Hacking Exposed IV' kind of book from your local book store. Some of them are just fakes who happen to have the right connection within the agencies (many are just ex-employees, friends of friends, college buddies and cousins). Then they need to know how to navigate the red tape of proposals and bids. So this all amounts to a lot of waste, stupidity (at best) and downright maliciousness (at worst). We saw some of this with HBGary and this Karim guy, and this is just the tip of the iceberg.
If you have the right connections and know how to handle the red-tape (you might have to hire a full-time professional for it), you can make quite a bit of money bullshitting the govt and selling them crap.
There are corporate entities who are wasting their money on nepotism, graft, and efforts that are doomed to fail in the "planning" stages too. The difference is that the way that consumers pay for it is hidden in the cost of whatever products the company produces.
We can make government behavior suck less if we actually provide better transparency and metrics for success.
And there are people who have to do the same difficult, time-consuming and demoralizing work acting as gadflies against the egregious abuses of multi-national corporations.
And the notion that governments don't compete is always either false or doublespeak. Either governments compete with the private sector (e.g. government-backed plans for health insurance can operate more cost efficiently than the private sector, so they're a problem), or they don't (as you've just claimed).
And there are opportunities where people have successfully competed against governments as well. Governments collect mapping data and you can pay for access to that content. And yet there are tons of mapping companies out in the world, many of whom have better services and capabilities.
Lastly, for people who might wish to claim that government can wield undue influence over free markets when they get involved in industry, nothing has stopped them from getting involved in industries they're not directly involved in. The federal laws banning online poker are a great example.
Industry lobbying is such a powerful and distorting force, again enabled by a lack of transparency, that it seems laughable to be worried about undue government influence.
Can you please point out some of these many oligopolies that somehow force me to do business with them? I can choose not to buy from pretty much anyone I don't like, but if I avoid paying taxes I will probably end up in jail.
Your participation in government and society is still contingent. If you don't want to pay taxes, go become a monk and take a vow of poverty (yeah you will still have to file returns, but whatever).
If you participate in society, you are going to have to pay taxes. Just the same way that if you want to get access to the internet, you will have to pay a company like Comcast.
And, when it comes down to it, the oil and automobile companies, as a practical matter, have done a pretty good job of ensuring that Americans have to have cars, and have to pay for gas in order to live in society. That is for all intents and purposes the same thing.
and a phone conversation: http://lulzsecurity.com/releases/Unveillance_Secret_Conferen...
Very interesting conversations.
They also had a "warmup" with the Nintendo servers: http://pastebay.com/125180
The emails consist of LinkedIn confirmations and "secret data" (PowerPoints w/ PDFs) about various smallish tech/data companies.
Sample PDFs in case anyone is interested:
Apptap (formerly Mplayit): http://www.2shared.com/document/1Q_QkBxY/apptap-execsummary_...
BlackRidge Technology: http://www.2shared.com/document/csuHua1e/Blackbridge_Investo...
CloudFusion cConnect Business Plan: http://www.2shared.com/document/yi6bYjDC/cConnect_Business_P...
Gatekeeper Security Investor Presentation: http://www.2shared.com/document/Ec3FaP0p/Gatekeeper_Investor...
videoNEXT Network Solutions Inc. Corporate Qualifications and Capabilities: http://www.2shared.com/document/9OSbAgDM/videoNEXT_Investor_...
DHS Proposal/Comprehensive Understanding of Malicious Overlay Networks: http://www.2shared.com/document/5tCGtYKK/Lee_DHS1102_TTA6.ht...
Unveillance Federal Report: http://www.2shared.com/document/7SJljKpc/Unveillance_-_Fed_1...
The IRC log is really damaging... assuming, of course, that Lulzsec hasn't embellished it.
EDIT: The archive is actually a ZIP file, with a RAR extension, which makes some decompressors unhappy. A copy with the correct extension:
I just downloaded it again from myself and the new copy worked fine.
EDIT: Lulzsec created a ZIP file, but changed the file extension to RAR. Doh ho ho, those wacky guys. Your unrar tool is apparently more fragile than WinRAR, which decompressed it without even throwing an error.
Since I want to preserve the filename, I made a copy:
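The mismatch described above (a ZIP archive carrying a .rar extension, which confuses tools that trust the name rather than the content) is a good reason to identify a file by its leading bytes before handing it to a decompressor. The following is an added example, not code from anyone in this thread; it sniffs the ZIP and RAR signatures, compares them with what the extension claims, and opens the bytes as a ZIP regardless of filename. The sample archive and the RAR header it checks are constructed in memory for the demonstration.

```python
"""Identify an archive by its leading bytes rather than trusting its file extension."""
import io
import zipfile
from typing import List, Optional, Tuple

# Leading byte signatures ("magic numbers") of the two formats in question.
# A ZIP starts with a local file header, or with the end-of-central-directory
# record if the archive is empty.
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06")
# RAR 1.5-4.x and RAR 5 archive signatures.
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")

# What each extension claims the content to be.
EXT_TO_FORMAT = {"zip": "zip", "rar": "rar"}


def sniff_format(data: bytes) -> Optional[str]:
    """Return 'zip', 'rar', or None based on the first bytes of the file."""
    if data.startswith(ZIP_MAGICS):
        return "zip"
    if data.startswith(RAR_MAGICS):
        return "rar"
    return None


def check_archive(filename: str, data: bytes) -> Tuple[Optional[str], Optional[str], bool]:
    """Compare the extension's claim with the content's real format.

    Returns (claimed, actual, mismatch). mismatch is only True when both the
    extension and the content are recognised and they disagree.
    """
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed = EXT_TO_FORMAT.get(ext)
    actual = sniff_format(data)
    mismatch = claimed is not None and actual is not None and claimed != actual
    return claimed, actual, mismatch


def list_zip_members(data: bytes) -> List[str]:
    """Open the bytes as a ZIP regardless of filename and list the member names."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()


def make_sample_zip() -> bytes:
    """Constructed sample: a small ZIP built in memory (not the archive from the thread)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("emails/readme.txt", "constructed sample content\n")
        zf.writestr("irc/log.txt", "constructed sample log\n")
    return buf.getvalue()


# Constructed sample: a RAR 5 signature followed by padding. Enough to be
# recognised by sniff_format, but not a valid archive.
SAMPLE_RAR_HEADER = b"Rar!\x1a\x07\x01\x00" + b"\x00" * 16


if __name__ == "__main__":
    zip_bytes = make_sample_zip()
    samples = (("dump.rar", zip_bytes), ("dump.zip", zip_bytes), ("other.rar", SAMPLE_RAR_HEADER))
    for name, blob in samples:
        claimed, actual, mismatch = check_archive(name, blob)
        print(f"{name}: extension says {claimed}, content says {actual}, mismatch={mismatch}")
    # The .rar-named ZIP still opens fine once we go by content, not by name.
    print("members:", list_zip_members(zip_bytes))
```

The check deliberately reports a mismatch only when both sides are recognised; an unknown extension or unknown content is reported as None so the caller can decide how to treat it rather than having it silently pass.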
It's also interesting that they are using Bitcoin. Say they try to cash out a block chain donated/given to them that was mined by a known IP; honeypot. Then whoever sits in wait watches the log, waiting for that chain to get cashed out via a fiat exchange. Records are subpoenaed and it is determined who cashed out that block at what IP/PayPal/etc.? I don't know if that's possible, so don't trust me.
As for the bitcoins themselves, I believe that they'd be instantly anonymized by putting them through one or more bitcoin transactions before they reach real life. The FBI would have a very, very difficult time following the real-life "oh, I got them from person X" tree back to lulzsec, especially if lulzsec transacted the bitcoins to the right person the first time around.
In the end, Bitcoin is only as anonymous as you make it.
We have Julian Assange leaking secrets from nearly every country and major organisation. National governments are toppling left and right, with the internet as the tool to gather and convene. We have Anonymous, who generally wreak havoc on whomever pokes that hornets' nest. We have Chinese hackers (or hackers using Chinese servers) that are whittling away on European and US servers. And we now have LulzSec hacking and publicly insulting the FBI.
What a weird world we live in.
1. Not so much 'leaking' as 'hoarding'... the dripfeed of leaks is mainly from the single cables dump (a non-renewable resource). Nearly every major organisation? I don't think so.
2. I'm guessing you mean Egypt, where the military has indeed appointed a new cabinet. Not sure that counts as 'toppling' but we'll see, come September. That accounts for the 'right', who's left?
3. Yes, we have an organised collective of vigilante hackers exposing the hypocrisy and corruption of other hackers, much as has always been done. Two differences now: (a) national governments have started outsourcing to the second group more and also hyping the word 'cyber', leading to (b) the public starting to become mildly amused by these skirmishes.
4. Interesting configuration of actors there. For those in Europe or America, the interesting part of alleged Chinese hacking is the unwanted free transfer of lucrative IP, which is to say trade secrets. But the US government already has behind-the-scenes access to a vast amount of global internet traffic so any large scale spying effort on its part wouldn't need to be so overt as would that of, say, China. And China is certainly not alone in facing these allegations.
5. Aaand back to 3.
4. The NSA has taps on the major telecom hubs, and is actively sorting through reams of data to gather intelligence. I can't find the links right now, but the story was on HN about the project's creator and his misgivings about how it was eventually used. Yeah, China's bad, but just wait until the US finds itself toppled from economic primacy and see what information they start pulling out then.
The fiber tap story, for reference: http://news.ycombinator.com/item?id=2348156
Also, if there were ever a time for consumers to learn to be wary of the information they hand out in public or private and how they protect it, now is the time.
If LastPass has an affiliate service, it's quite possible that some quick bucks could be made from this.
The main important point is that it makes a mockery of the security snake-oil salesmen and the government sponsored investigation agencies.
It also demonstrates that legislation is powerless over the internet (something I think everyone quietly realises but doesn't want to admit). They've let the cat out of the bag and now it won't go back in.
The Internet is an uncontrollable, resilient, self-aware monster with a good self-preservation instinct. It's fighting back against those who wish to control it.
When your thing is security and the other person is feeling malicious, I guess it can be an ugly outcome.
If by security one means absolute security against all threats present and future, then yes security is not only illusory but also meaningless.
When you later find out you were vulnerable, were you secure?
Does knowing that an undetectable root-kit could have been installed during this time change your perception of the state of your current security?
Would it matter if the newly-released insecurity was a one-in-a-billion thing?
For instance, when's the last time you actually took measures to guard against a trojaned compiler?
If you did get hacked because of a one-in-a-billion thing which nobody could have predicted, did it happen because you weren't secure, or did it happen despite your security? It's a subtle difference in perceptions.
Does your perception of your security level change if you realize the crooked CEO conspired with the security consultant to arrange a back door and that the one-in-a-billion thing was a virtual certainty?
It goes deeper than simply being all relative; you always make some assumptions, even incredibly large ones. Even a tiny mistake can totally scupper system robustness. In crypto and security a system is often weaker than its weakest link, and that includes designer assumptions, operator errors, and customer specifications as well as expected issues such as programming errors. Speaking of security as a thing that can be achieved is mostly wrong and confuses many.
We need some neutrino transceivers. And a few other orthogonal communication technologies.
Edit: I guess it is also a comment on the situation that I deleted my comment before reconsidering and deciding to repost it.
When opinions can no longer be expressed without fear of (arbitrary and/or extra-judicial) retribution, things have really started to go too far.
The physical media are too constrained. Even if you're not into "black arts" (and I'm not), you may have increasingly limited trust in the powers controlling the infrastructure (not so much the engineers, but the people who pay them and/or put them in jail).
IPv4/6 may die, but there are still ways of shifting around stuff that is important.
2. Tapping telecoms
3. Tapping satellites
And yet that still does not educate the FBI, CIA, NSA into having better computer specialists? That is the disadvantage of relying upon political back deals to do real work: you get an illusion rather than reality.
Note, the US military has for years been advocating taking service men and women and retraining them for a counter computer security role to replace the independent whitehats.
Would it be too much to assume that the profits at risk might be great enough that some whitehats might be involved with this LulzSec effort?
That is already an MOS.
You can't give them a process guide or a manual for this. It's something that requires understanding. It's idiocy.
I've worked with "DoD certified NT4 administrators" (retrained administrative worker bees) who didn't know arse from elbow. I walked straight onto one of their "certified configuration" Exchange boxes via IIS and read classified emails over HTTP from the mail spool folder... That got me a promotion back then in '99, but it'd probably get me shot now.
Goodbye anonymous internet - as we know it today.
As much as I love freedom of speech and 'David' taking on 'Goliath' as much as the next guy, this is seriously bordering on terrorism. This seems so unprovoked.
All this is doing is challenging the government to regulate the internet. This does nobody any good.
Now it seems Anon has gone too far, and has crossed over into 'psycho' territory. Once you start attacking the state, there is no coming back from that.
I am sorry, but this isn't a war that Anonymous can win.
In all honesty, all this is doing is challenging the people who elect governments to regulate them. This is now proven: governments are not just bordering on terrorism, they are engaging in terrorist acts through contracting fake security firms (which are then easy to point at when uncovered). THIS does nobody any good.
Constant citizens' surveillance and infringing of their rights by "righteous" Governments is also unprovoked.
I say bait you idiots with randomly spewed nonsense so that you spend all your time commenting on the internet.
Go cry more!
The FBI should start with a court order to get the domain registrar to reveal the identity of the person/organization that registered the domain name lulzsecurity.com, which happens to be registered in the Bahamas and can be viewed at (http://whois.domaintools.com/lulzsecurity.com) as
Of course, most likely they used an alias/fake identity. But the hackers had to have left a financial trail when they purchased and registered that domain name, or that phone number, PO Box.
Paypal accounts are cheap to buy and machines running Windows are plentiful.
And how exactly do you know this?
The problem is that all these combined resources mean less outside of the US. They mean even less in an old eastern bloc country, Russia, or some random third-world country.