Expect More Internet Anarchy with Dawn of School4lulz

Tuesday, June 28, 2011

Headlines

69dafe8b58066478aea48f3d0f384820

Wondering if the swift emergence and equally sudden disbanding of the hacker collective LulzSec will mean we will enjoy a respite from the relentless onslaught of cyber attacks against both private and public sector targets?

Don't hold your breath.

The likely scenario is that the core leadership of rogue groups like LulzSec and Anonymous will be concentrating on efforts to educate and arm an even greater swarm of would-be Internet anarchists.

In LulzSec's farewell, the collective informally announced the creation of the AntiSecPro Security Team, seemingly with the goal in mind to spread the tools and knowledge required for other hacktivists to take up the LulzSec mantel:

"Currently we are developing structure and hierarchy... This group is about education and real life exercise of what we know and learn. We considering computer security and hacking equally correlated to each other. The process of penetration, exploitation and hacking only progresses the necessity for better security and product development. This promotes more advanced technology and a better experience for the majority of computer users..."

We have also now seen the emergence of the Anonymous-backed School4lulz, a resource for hi-tech hooligans to learn the finer art of hacking, cross-site scripting, SQL injections, botnet herding, doxing, and tools of the trade.

By concentrating on instruction and inspiration, the core leadership of these now infamous hacker networks can effectively remove themselves as primary targets for law enforcement and anti-AntiSec hackers like The Jester (th3j35t3r) and the Web Ninjas, and instead encourage their less-savvy teen minions to commit the attacks and take the heat.

And what can we expect from this shift from committing attacks to arming attackers? Probably a lot more 'lone-wolf' and upstart hackers who want to make some headlines and garner some street cred with idealistic attacks on big name companies and organizations, such as in Tuesday's denial of service assault against Mastercard.

The RegisterUK reports that "Twitter user @ibomhacktivist claimed responsibility for the reported assault, which it said had been motivated by Mastercard's decision to suspend an account maintained by WikiLeaks in the wake of the whistle-blowing site's decision to start releasing leaked US diplomatic cables last November. Or something like that..."

The hacktivist announced his attack with the following Twitter message: 

"MasterCard.com DOWN!!!, thats what you get when you mess with @wikileaks @Anon_Central and the enter community of lulz loving individuals :D".

So, if you have already grown weary from reading headline after headline about new attacks by faceless egoists whose only real interest is to start fires for the pleasure of watching stuff burn, you are in for a long summer. Maybe a long year. Several perhaps.

For better or worse, 2011 will be remembered as the year hacktivists set the Internet on fire, and given the lax security protocols that make up the current staus quo, we can expect this fire to burn for some time to come.

Possibly Related Articles:
20954
Network->General
Attacks Headlines Network Security Anonymous Hacktivist hackers Lulzsec School4lulz Anarchy
Post Rating I Like this!
Ba829a6cb97f554ffb0272cd3d6c18a7
Kevin McAleavey I wouldn't blame the protocols in all sincerity. The real problem as I see it is a lack of skills at the hands of those responsible for the sites that got nailed. Perhaps the budget cutting has gone a bit too far and all companies are getting for their money is trainees. I've been monitoring the attacks and analyzing them for weeks now and I'm seriously not impressed with any of these kids. Proper security is not elusive, it merely takes the talent and experience to have seen most of this all before and to know how to mitigate is. And that can cost some money.

Even sadder? All of the attacks so far have had SANS bulletins going back to 2003 warning of them.
1309337440
Default-avatar
hastey pastery Dear Kevin McAleavey,
A larger part of our Antisec movement is to show that these governments and companies claiming to be "untouchable" do not know how to be secure. How can their nations and/or customers trust these corrupt individuals when all it took was some tools and google research to steal info and user/pass data
1309391855
B6f0893230292b638a6419bf566dbda6
cliff sull The big question @hastey pastey is what kind of Anarchy is acceptable- Is the threat to Bomb an Airport something that you would get #Lulz from ? I don't - http://cliffsull.wordpress.com/2011/06/30/sabu-distances-antisec-antisec-from-bomb-threat-on-airport/
1309398304
Ba829a6cb97f554ffb0272cd3d6c18a7
Kevin McAleavey Sadly, this is also something else I've seen before. A few misdirected kids on a mission who could have gone the intelligent route, carefully documenting what they found and putting together a neat little package to bring to the media for a scandalous news event instead deciding to "tune for maximum smoke" and in the end butting heads with rival factions until the story is no longer what was originally intended, but instead a battle of the kids where they all end up getting vanned for their path of destruction.

Yes, it's critical to let everybody know how poorly their trust was placed in operations that failed in their primary mission. But all of that fades away when innocent people are hurt in the process and that's where this whole thing went terribly wrong.

This COULD have been a "teaching moment" ... instead it is rapidly becoming just another media story of "thuggery on the high seas" and nowhere will it be remembered that there was a serious security problem worthy of public attention.

Saw all this in the 90's, and there is no longer the promise of the L0pht or @stake kind of things to sweep in and hire the kids up. Folks should have seen this coming too.
1309405302
Default-avatar
hastey pastery who knows if that is even true. new stuff is made us about him all the time. if he did, i seriously disapprove of his actions and so would most of the others. i feel like the antsisec movement may fall apart due to the lack of leadership causing the mass of followers to lose sight of what we are trying to accomplish but my team and i hope to restore the hope sabu and his team gave the mass of users in our irc chat. there will probably be more misguided attacks and bs stories calling us terrorists. but thats what we're fighting for kevin, freedom
1309484572
Ba829a6cb97f554ffb0272cd3d6c18a7
Kevin McAleavey I saw that "AnonymouSabu" smacked that one down hard and fast. Fairly obvious that it was a troll. FWIW, I've ridden this ride around the sun more times than probably anyone in the "group" and in all those orbits around the sun, I've seen plenty of causes and political movements come and go. I've seen just about all of them compromised from their original purpose just like the Lulzboat was.

There are quite a few of my compatriots in the security industry who quietly cheered you guys on for exposing security lapses that many of us have been complaining about for years. And many hoped that the exposure brought about by the Lulz would finally get CFO's to stop cutting IT departments and fix some things for a change. But that all changed when innocent users on those sites had their financials and personals exposed. That is what is called "collateral damage to civilians" and is the most clear way possible to lose "hearts and minds" in any form of operation. From that release onward, the lulz stopped and the butthurt began because the story is no longer about security, it's about the victims. Thus, the original purpose in this manifesto has been completely compromised, and whatever cred the movement had established is now gone.

With freedom comes responsibility. And a big part of that responsibility is to do no harm to innocents in the furtherance of the campaign. Once that has occurred, any support that might have once been there evaporates. Rest assured that I understand where you're coming from. I was once young and naive too. The more anonops acts out the way it is, the sooner the authorities will catch up and silence you. Everyone had the opportunity to research their targets, gather documentation and make a splash of the realities involved as wikileaks tried to do. This should have been a media campaign just like wikileaks and not a scorched earth free for all that it turned into. I hope you understand where I'm coming from, and that some wisdom and restraint finds its way back into your endeavors. Right now, anarchy is not your friend. Nor is it anyone elses. Revolutions were meant to be televised. :)
1309489096
Default-avatar
austra lia Come and celebrate the Republic Day of India with us at http://republicday2015.in/
1421094249
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.