Lulzsec!

Do all these companies use the same server programs? Could it be an inside job or could they have found one of those mythical backdoors?

Probably a mythical backdoor. I remember about 10 years ago a magical IIS vulnerability that allowed someone to upload and run an FTP server with full drive access in around 30 seconds ;)
 
It is amazing how many people have been hit by this group. Makes me wonder if there is some sort of major back door in all their systems. I'm ok if they discover holes in the big companies' systems like Sony, they have BILLIONS to spend on IT and should have no excuse for poor security. Minecraft on the other hand, Mojang isn't exactly the biggest budget developer in the world and certainly would be forgiven for not spending massive money on its servers...

They are on Twitter, where I'm following them to watch their rampage. Scary stuff how much they are getting done.
 
Minecraft wasn't hacked into, and neither were Eve Online and a few others; they launched what is known as a denial of service attack that temporarily forces the game service offline. Normally no data is compromised by a DDoS attack, although in the past they have been used to expose other vulnerabilities and allow attacks in elsewhere.
 
Probably a mythical backdoor. I remember about 10 years ago a magical IIS vulnerability that allowed someone to upload and run an FTP server with full drive access in around 30 seconds ;)

I saw some interesting IRC logs last night that suggested it's a very simple code injection and LS didn't come up with it at all - it's been around in proof of concept form for a while but no one's been able to actually make it work outside of ideal circumstances. I think there may potentially be a bit of social networking or something that's allowed them to engineer the circumstances for it to work.

EDIT: Not all the attacks have been via the same method tho, they seem to want people to think it was all via the same 0day apache exploit tho.
 
Hmm, seems a mix of stuff... I'm quite confused tho, the more you dig into it the less anything makes sense, it's like someone's engineered the whole thing. Half of the stuff they claim to have done is old stuff that other people have done, some of it's just DDoS, etc. that anyone can do and other bits are proper cracking. But there's docs that seem to show that the recent actions by lulzsec are in retaliation for the "apparent" infiltration of Anonymous by the US security services, but the more you dig into LS the more everything leads back to the same backend as operated by Anonymous, most of it hosted by Saad Naveed who seems to have done enough that can be definitely linked back to him that he should be in jail, and must have good or full knowledge of the operations of the ongoing attacks yet seems to roam free.

Dunno, it's just a passing interest - I'm probably missing something obvious - and I've not considered it worth putting too much effort into getting my head around but it all seems a bit off to me.
 
Ok, let's do some digging...

15 June 2011

Subject: LulzSec Evidence on member "Nakomis"

Twitter: http://twitter.com/Anonakomis

"Nakomis" maintained the twitter "real_j35t3r" for AnonOps during a secret Operation called "Unmask". IRC logs from this invite only channel show Sabu, Topiary, Barrett Brown, and Nakomis were all trying to find out who "The Jester (th3j35t3r)" was.

http://imgur.com/ugZMh

The picture above shows what looks to be an individual with a name tag printed "Jester". Upon the unearthing of this image, the group members found the man's name to be "Casey Gardiner", living in Southern California. After looking over his LinkedIn account and Facebook, he seemed to fit as a match to Jester.

Topiary created the real_j35t3r Twitter account as well as the Hushmail email associated with it. From what records show, Nakomis took this over quite quickly and began tormenting th3j35t3r's followers and supporters.

Barrett Brown and Sabu claim that Casey's email was breached during the month of March of 2011 and started monitoring incoming and outgoing mail ([email protected]). Nakomis claimed during this time, he befriended Casey on Facebook and had begun engaging in conversations about tennis and music.

During the beginning of April 2011, Nakomis was contacted by a fake reporter who turned out to be th3j35t3r himself.

Full details can be found here: http://*******.com/6gq8ykl

Nakomis told the secret group about the reporter at the beginning of April 2011. Barrett contacted Nakomis and told him that they should give out the dox info during the interview and corner the news agency into releasing their source at a later date. Payment for this interview could also be used to involve th3j35t3r in illegal acts. Their plan however, failed and they had to start from scratch.

According to logs, Nakomis reset Casey's PayPal password and sent payment to what he thought was a genuine AP reporter, who turned out to be th3j35t3r.

After the apparent failure, the group started what is now known as "LulzSec". They wanted to disenfranchise themselves away from 'Anonymous/AnonOps' as much as possible so they could:

A) Claim credit for themselves
B) Higher Risk Targets
C) Not involve the group as a whole
D) Financial Gain

Nakomis is believed to have been around the Anon Community for quite some time, yet changing his name and releasing his true identity to only a select few.

What is known about Nakomis?

Coder - A few successful social engineering operations have shown him to be the main programming force behind some attacks. As a prior (lead?) developer for phpBB Online Message Boards, he might be the individual supplying LulzSec with SQL vulnerabilities for their attacks as well as coding software (possible malware).

Educated - Claims Berkeley as his location of studies. TinyChat video screen shots show him in what looks to be UC Berkeley sweats. Twitter page states Computer-Human Integration, which might be associated with the School of Information.

Immature - TinyChat video screen shots observe Nakomis exposing himself many times.

Location - Southern California (th3j35t3r #jester irc logs show him stating the town of Victorville as his residence, but not confirmed)

Connections - Seems to know everyone fairly well around the community. Many times gaining recognition from @Anon_Central and other twitter accounts confirmed as AnonOps "Staff". Prior accomplices: Isis, Owen, Ryan, Corey, Wolfy, Heyguise, OpNoPro, Sabu, Topiary, Barrett Brown, and more.

Military Counter-Intelligence - Sources say Nakomis served quite recently in the United States Marines doing government intelligence. Possible network security work or programming that supported their mission.

Age - Anywhere from 24-26 is what has been seen and reported.

Identification Marks - Beard(?), tattoos on both arms, brown hair, and blue eyes.

There's no doubt that these members (Sabu, topiary, nakomis, and possibly others) are a part of LulzSec. Targeting th3j3t3r, his followers, ShadowDXS, and just the attitude in general resembles their prior operations.

Nakomis<ShadowDXS : I'm gonna make you famous. Because I love you.
http://*******.com/3z59g92


Also this - http://www.unveillance.com/latest-news/unveillance-official-statement/


LulzSec has all traits of an Internet terrorist group, it would seem.

Are they hitting random targets to confuse Internet society whilst having their own crusade on a hidden track or are they all just annoying script kiddies who are trying to have some fun thinking that the Internet is the safest place to do so?
 
Is it just me or does lulz look strangely like the anti ocuk site that was created years ago?
 
I just called the number they posted on their Twitter but it seems to no longer be working. I could hear two males with a British accent. I asked for them to hack World of Warcraft if they're such good hackers and they replied along the lines of no since we play it.
 
I just called the number they posted on their Twitter but it seems to no longer be working. I could hear two males with a British accent. I asked for them to hack World of Warcraft if they're such good hackers and they replied along the lines of no since we play it.

I think you have been had :D
 
You really don't want to do stuff like that... initiating a DDoS attack in the UK is punishable with up to 10 years in jail. (if it wasn't I'd have taken their site, IRC server, main proxies and twitter offline by now - it's not exactly difficult to do).
 
I just called the number they posted on their Twitter but it seems to no longer be working. I could hear two males with a British accent. I asked for them to hack World of Warcraft if they're such good hackers and they replied along the lines of no since we play it.

I believe they have been forwarding that number to call centres, like a DDoS in a way but for phones.

Look at their Twitter and they mention it a few days ago.
 
You really don't want to do stuff like that... initiating a DDoS attack in the UK is punishable with up to 10 years in jail. (if it wasn't I'd have taken their site, IRC server, main proxies and twitter offline by now - it's not exactly difficult to do).

No you wouldn't have.
 