
Yet more censational news
June 21, 2011 4:18 AM

Lulzsec appear to have hacked the UK 2011 Census which, if true, could be quite a significant ramp up of the security wars. Grabbing a few million credit card numbers is one thing, 60 million identities is something else entirely. Not to mention the celebrity data. Here's the Hacker News comment thread, and a list of the actual census questions to show what could be on offer.
posted by Duug (135 comments total) 11 users marked this as a favorite

 
Part of me delights in things like this.

Another part of me just gets a bit worried as to what monster will be awakened when they keep poking the cages as they do.
posted by hippybear at 4:22 AM on June 21, 2011 [11 favorites]


Fuck.
posted by seanyboy at 4:23 AM on June 21, 2011 [1 favorite]


Maybe we'll start to see some actual information security employed? Especially with US elections coming up next year and voting machines notoriously insecure?

Oh who'm I kidding.
posted by DU at 4:23 AM on June 21, 2011 [2 favorites]


I'm even more glad now than I was before that I wasn't 100% accurate with my answers.
posted by Solomon at 4:29 AM on June 21, 2011


One wonders (as lulzsec intends us to) how many entities have already stolen that data without telling everybody about it.
posted by Salvor Hardin at 4:31 AM on June 21, 2011 [23 favorites]


Data handling provided by Lockheed Martin, which ruffled a few feathers.
That would be the same Lockheed Martin who recently had a data breach on the back of RSA's SecurID fuck up. For want of a nail and all that.
posted by SyntacticSugar at 4:33 AM on June 21, 2011


Solomon: "I'm even more glad now than I was before that I wasn't 100% accurate with my answers."

We filled out the census and then moved. City.

I'm sure the UK Jedi Council will have something to say about this.
posted by ArmyOfKittens at 4:34 AM on June 21, 2011 [1 favorite]


Also I am consulting this guy before playing the lottery again.
posted by ArmyOfKittens at 4:36 AM on June 21, 2011


We all know about white-hat and black-hat hackers, but LulzSec doesn't seem to fit neatly into that paradigm. What do we call them? Gray-hats?
posted by Faint of Butt at 4:37 AM on June 21, 2011


Ass-hats?
posted by oulipian at 4:38 AM on June 21, 2011 [37 favorites]


Gray caps?

How strange, a mushroom growing indo
posted by emmtee at 4:40 AM on June 21, 2011 [2 favorites]


From a comment in the Hacker News link: This was the first census where you could submit details online. I wonder if it was these records? Would be surprised if they had even finished scanning the paper ones yet, but the UK government's security record is not good. They contracted it to Lockheed Martin, who also do the US census, so presumably reused the software?

If the concern is computer hacking of census data, one might be much more concerned of the many reasons there are for Lockheed Martin to do some hacking of its own.

Wikipedia opines: Lockheed Martin is active in many aspects of government contracting. It "received $36 billion in government contracts in 2008 alone, more than any company in history. It now does work for more than two dozen government agencies from the Department of Defense and the Department of Energy to the Department of Agriculture and the Environmental Protection Agency. It's involved in surveillance and information processing for the CIA, the FBI, the Internal Revenue Service (IRS), the National Security Agency (NSA), the Pentagon, the Census Bureau, and the Postal Service."
posted by three blind mice at 4:40 AM on June 21, 2011 [2 favorites]


It's worth mentioning the other pastebins have been linked from Lulzsec's twitter, whereas this one hasn't yet.

Also within the last few minutes, Essex teenager arrested on suspicion of hacking - Channel 4 tweeted '19-year-old suspected of being mastermind behind computer hacking group LulzSec arrested in Wickford, Essex.'
posted by emmtee at 4:45 AM on June 21, 2011


What do we call them? Gray-hats?

Teenagers?
posted by Seiten Taisei at 4:46 AM on June 21, 2011 [4 favorites]


Why hack the census? Isn't the data made public, albeit in anonymised form after a little while?
posted by Joe Chip at 4:49 AM on June 21, 2011 [1 favorite]


Also within the last few minutes, Essex teenager arrested on suspicion of hacking - Channel 4 tweeted '19-year-old suspected of being mastermind behind computer hacking group LulzSec arrested in Wickford, Essex.'

His metaphorical tarred corpse will undoubtedly be hung in a gibbet along the side of the Information Superhighway as a grim warning to anyone else who might get any ideas. In reality, that'll probably be a 100+-year prison sentence, quite possibly in a US Supermax penitentiary.
posted by acb at 4:50 AM on June 21, 2011


The Mirror has all the technical details.

For those seeing this after they edit it, although assuming they actually will might be flattering the Mirror's editorial standards a bit, the top of that article is a huge image of a gloved hand, in the dark, operating a mouse. Subtitle reads 'Computer'.
posted by emmtee at 4:58 AM on June 21, 2011 [23 favorites]


emmtee, I took a screenshot - that's raising the bar, that.
posted by ukdanae at 5:00 AM on June 21, 2011 [14 favorites]


Um, caption. Not subtitle.
posted by emmtee at 5:00 AM on June 21, 2011


The hand has also put the mouse on top of a trackpad. I love everything about that picture.
posted by dudekiller at 5:01 AM on June 21, 2011 [51 favorites]



For those seeing this after they edit it, although assuming they actually will might be flattering the Mirror's editorial standards a bit, the top of that article is a huge image of a gloved hand, in the dark, operating a mouse. Subtitle reads 'Computer'.


And the mouse is sitting on a laptop touchpad for some reason.
posted by ghharr at 5:02 AM on June 21, 2011


A hand, in a leather glove, operating a mouse, on a laptop trackpad.
posted by tylermoody at 5:02 AM on June 21, 2011 [5 favorites]


Gloved hand on mouse is awesome. As is the Mirror. As is this thread.
posted by Samuel Farrow at 5:04 AM on June 21, 2011 [2 favorites]


I took a screenshot too, and comparing the two it's bizarre to see those large blank spaces you get on webpages actually filled with adverts
posted by ArmyOfKittens at 5:05 AM on June 21, 2011 [6 favorites]


The last four comments are yeah, what I was going to point out.

The only element missing from that hilarious picture is the tail of a white, long-haired cat.

You know, the one all supervillains have.
posted by Chichibio at 5:05 AM on June 21, 2011 [1 favorite]


Why was this data open to the net in the first place, regardless of the lax security around it?

I hope the PR fallout from this isn't "we caught a 19-year-old, that'll keep us safe and deter any other 19-year-olds" but instead "arrest Lockheed's MD".
posted by bonaldi at 5:07 AM on June 21, 2011 [3 favorites]


Hackers put their mice on trackpads! That's the secret.

It lets you do stuff twice as fast.
posted by memebake at 5:08 AM on June 21, 2011 [7 favorites]


Another full uk census is up, not sure if it's Lulzsec or another group but it's fully searchable here.
posted by fire&wings at 5:08 AM on June 21, 2011 [3 favorites]


The only element missing from that hilarious picture is the tail of a white, long-haired cat.

His other hand is wearing a cat glove puppet, which he is using to stroke a cat.
posted by dudekiller at 5:09 AM on June 21, 2011 [18 favorites]


Why hack the census? Isn't the data made public, albeit in anonymised form after a little while?

Because in non-anonymised form, it'd come in quite handy if you wanted to do a bit of identity theft. Or in the case of LulzSec, because they can.

In reality, that'll probably be a 100+-year prison sentence, quite possibly in a US Supermax penitentiary.

See also: Gary McKinnon.

Fingers crossed this means the end of military contractors from other countries collecting UK census data.
posted by jack_mo at 5:10 AM on June 21, 2011 [1 favorite]


So WTF is the point of hacking the census? Is it some sort of commentary on how poorly the government and their sub-contractors have handled security? And there is some "right" but more expensive methodology that the government and LMT should have been using?

If you hack it to prove that point, why release the data?
posted by JPD at 5:12 AM on June 21, 2011


You know, I'd never heard of LulzSec before the senate deal and even now I only ever hear of them in the context of a (completely non-damaging and uninjurious) attack on the United States federal government. It seems like that's all they do, aside from one anemic attack against a game company.

It's gotta make you wonder
posted by This, of course, alludes to you at 5:16 AM on June 21, 2011 [1 favorite]


They're keeping it 'under lock and key' but what if someone hacks the hacked data? Could LulzLuzSec be on the prowl with overglovedhand-on-mouse-on-trackpad-on-iPad?

Also: this sucks.
posted by freya_lamb at 5:18 AM on June 21, 2011


It's gotta make you wonder
why your opinion would matter, given how little you confess to know about it.
posted by Threeway Handshake at 5:19 AM on June 21, 2011 [1 favorite]


@JPD The UK census pretty much relies on its guarantee of anonymity to get people to fill in the forms honestly. If people thought that their answers would be splashed across the net for all to read at will then you can be pretty sure that a much larger chunk of them would simply refuse to fill in the forms at all.
posted by pharm at 5:21 AM on June 21, 2011


The only element missing from that hilarious picture is the tail of a white, long-haired cat.

Glove & Mouse Barn has you covered.
posted by emmtee at 5:22 AM on June 21, 2011 [1 favorite]


Fingers crossed this means the end of military contractors from other countries collecting UK census data.
Hopefully, though I'm not sure home-grown contractors are much better, frankly.
posted by bonaldi at 5:22 AM on June 21, 2011


bonaldi: "Hopefully, though I'm not sure home-grown contractors are much better, frankly."

How dare you badmouth Group 3?

they used to be Group 4 but 1 got nicked.
posted by ArmyOfKittens at 5:25 AM on June 21, 2011 [2 favorites]


@Threeway Handshake

I'm not making any assertions, Threeway Handshake. I'm just saying, it seems sort of unusual to me.

Perhaps you have some experience with this sort of thing?
posted by This, of course, alludes to you at 5:27 AM on June 21, 2011


If you hack it to prove that point, why release the data?

Because if the credible threat that you may release the data does not exist, the government has no incentive to do anything except deny the security breach and quietly arrest those involved.

Lulzsec may not be the most subtle or mature entity to ever tangle with an ethical issue, but they're not doing as badly as they might be. They claim they're currently reformatting the data for release. If they do release it without anonymizing it somehow, then it will be a, how do you say, epic fail.
posted by Salvor Hardin at 5:28 AM on June 21, 2011


The only element missing from that hilarious picture is the tail of a white, long-haired cat.

Glove & Mouse Barn has you covered.


Good link - those white supervillain cats usually don't have names, but you've blown the lid off of that little secret.

They're obviously all named Dusty Pups.

Derail aside, I agree with freya_lamb: this sucks. I was uneasy with the census, online or not, but this scary woman kept coming to our flat and gently threatening us with £1000 fines if we didn't comply. Now this. Seriously, what the fuck was the government thinking? "Oh, we're 100% safe from hacking with Lockheed Martin; they make fighter planes and stuff, right?"
posted by Chichibio at 5:31 AM on June 21, 2011


If you hack it to prove that point, why release the data?

Security bods have been ignored for decades. It's starting to look like sheer embarrassment is the best tool available to get something done.
posted by Leon at 5:33 AM on June 21, 2011 [2 favorites]


As an aside, Lockheed Martin has the freakiest corporate motto ever:

"We never forget who we're working for."

Somebody reads too many Tom Clancy novels, methinks.
posted by Chichibio at 5:34 AM on June 21, 2011 [4 favorites]


I just realised this is sort of how Live Free or Die Hard starts. I'm off to find a bald man to hide behind.
posted by ArmyOfKittens at 5:35 AM on June 21, 2011 [3 favorites]


So WTF is the point of hacking the census?

for the lulz, duh
posted by fungible at 5:42 AM on June 21, 2011 [6 favorites]


I'm not terribly impressed by LulzSec's target list this far. Yeah, senate.gov was funny, but clearly they don't understand that sql injection is but the first of an array of techniques.

We gained all HBGary's emails because the 14 year old girl who hacked a loosely connected site kept it quiet and social engineered herself into the real goods.
posted by jeffburdges at 5:43 AM on June 21, 2011


If you want a picture of the future, imagine a gloved hand mousing on a laptop trackpad — forever.
posted by chavenet at 5:46 AM on June 21, 2011 [24 favorites]


For some reason, this post makes me think of this.
posted by Dr. Eigenvariable at 5:51 AM on June 21, 2011


I'm not making any assertions, Threeway Handshake. I'm just saying, it seems sort of unusual to me.

Perhaps you have some experience with this sort of thing?


I actually do have plenty of experience with "this sort of thing" - I'm a "security engineer."
But that doesn't have anything to do with this. They are doing it for the lulz. See all these people getting bent out of shape over what they've done? It brings a tear to my eye.
posted by Threeway Handshake at 5:51 AM on June 21, 2011 [2 favorites]


Let's not get carried away too soon.

Anyone can post to Pastebin, where the original claim was made. There's no confirmation on the Lulzsec Twitter account so far. There's no data released so far. A Channel 4 News twitter account says: Office for National Statistics say "no evidence to suggest" 2011 census data has been accessed.

The evidence is very weak so far: just an anonymous claim on a public website. You rage, you lose.
posted by TheophileEscargot at 5:53 AM on June 21, 2011 [1 favorite]


If you're against AntiSec, does that make you AntiAntiSec or ProSec or... ?

How about if someone is against LulzSec, does that make them AntiLulzSec or SersSec?
posted by autoclavicle at 5:54 AM on June 21, 2011


Part of me delights in things like this.

Another part of me just gets a bit worried as to what monster will be awakened when they keep poking the cages as they do.


But surely the only possible good out of these sillies is that the powers that be get their acts together? Otherwise, it's just a bunch of smart-assed teenagers showing off and making a mess for someone else to clean up.

Or worse, that cannot be cleaned up.

No delights for me. I want to see things blowed up, I go to the movies
posted by IndigoJones at 5:54 AM on June 21, 2011


I hope that having my occupation listed as "Wage Slave" and job duties as "It puts the lotion in the bucket" will alert any potential ID thief that my answers are less than reliable. Did anybody seriously provide their real details to the UK Government Lockheed Martin the US Government?
posted by Jehan at 5:57 AM on June 21, 2011 [1 favorite]


You know, I'd never heard of LulzSec before the senate deal and even now I only ever hear of them in the context of a (completely non-damaging and uninjurious) attack on the United States federal government.

Well, there's the attack described in this thread, on the UK government.

Incidentally, they hacked the UK's National Health Service a few weeks ago, and sent them a nice note to warn them about it: "While you aren’t considered an enemy, your work is of course brilliant – we did stumble upon several of your admin passwords,” LulzSec said in the email. “We mean you no harm and only want to help you fix your tech issues.”
posted by Infinite Jest at 6:00 AM on June 21, 2011 [5 favorites]


I wonder if hacking the census results would be considered an Act of War?
posted by three blind mice at 6:09 AM on June 21, 2011


The UK census pretty much relies on its guarantee of anonymity to get people to fill in the forms honestly. If people thought that their answers would be splashed across the net for all to read at will then you can be pretty sure that a much larger chunk of them would simply refuse to fill in the forms at all.

Right right right, I totally get why you'd attack LMT's lack of proper security on these sorts of things and using that to encourage the government to change things.

I don't get why you'd want to discourage people from participating in the census. After all, it's probably the people most marginalized by our current world who are most likely to reconsider their participation in the wake of events like this.

I guess I'm gonna run with well-intended, perhaps not totally well thought out wrt to the end result
posted by JPD at 6:10 AM on June 21, 2011


So this is the future. A hand, in a leather glove, operating a mouse, on a laptop trackpad, forever.
posted by dirtdirt at 6:12 AM on June 21, 2011 [3 favorites]


From lulzsec:

Yes, yes, there's always the argument that releasing everything in full is just as evil, what with accounts being stolen and abused, but welcome to 2011. This is the lulz lizard era, where we do things just because we find it entertaining. Watching someone's Facebook picture turn into a penis and seeing their sister's shocked response is priceless. Receiving angry emails from the man you just sent 10 dildos to because he can't secure his Amazon password is priceless. You find it funny to watch havoc unfold, and we find it funny to cause it. We release personal data so that equally evil people can entertain us with what they do with it.

Most of you reading this love the idea of wrecking someone else's online experience anonymously. It's appealing and unique, there are no two account hijackings that are the same, no two suddenly enraged girlfriends with the same expression when you admit to killing prostitutes from her boyfriend's recently stolen MSN account, and there's certainly no limit to the lulz lizardry that we all partake in on some level.

Oh but they are so nice to the NHS.
posted by Anything at 6:13 AM on June 21, 2011




dirtdirt, see chavenet
posted by memebake at 6:25 AM on June 21, 2011 [1 favorite]


I wonder if hacking the census results would be considered an Act of War?

Being carried out by a non-state actor, it could be an act of terrorism.
Even if it isn't, the UK government will have no problems finding some statute under which to throw the book at him, given that attempting to change any person or organisation to change their behaviour constitutes criminal harassment in England.
posted by acb at 6:27 AM on June 21, 2011 [1 favorite]


I'm really into the lulzsec theme song
posted by to sir with millipedes at 6:36 AM on June 21, 2011 [2 favorites]


From Lulzsec's Twitter feed a few minutes ago:

Seems the glorious leader of LulzSec got arrested, it's all over now... wait... we're all still here! Which poor bastard did they take down?
posted by killdevil at 6:37 AM on June 21, 2011


I wonder what happens if all of this hacktivism really does lead towards harsher regulations on the Internet...
posted by codacorolla at 6:42 AM on June 21, 2011


codacorolla: "I wonder what happens if all of this hacktivism really does lead towards harsher regulations on the Internet..."

More hacking! It's the answer to everything.
posted by ArmyOfKittens at 6:45 AM on June 21, 2011


From @LulzSec:
Not sure we claimed to hack the UK census or where that rumour started, but we assume it's because people are stupider than you and I.
It's not real.
posted by TheophileEscargot at 6:45 AM on June 21, 2011 [3 favorites]


The laws are already pretty strict and I wouldn't be surprised if they're already helping bring these guys down.
posted by Anything at 6:45 AM on June 21, 2011


This has all been worth it because The Economist printed the following:

That is surely right. Even so they are no laughing - or lulzing - matter.

In their June 18th issue (page 64, right above the slightly arch correction about Mandelbrot)
posted by atrazine at 6:45 AM on June 21, 2011 [1 favorite]


Seems the glorious leader of LulzSec got arrested, it's all over now... wait... we're all still here! Which poor bastard did they take down?

Can we look forward to a decade of the "LulzSec number three" being arrested every two months like some kind of underground leadership clown car?
posted by atrazine at 6:48 AM on June 21, 2011 [9 favorites]


Yeah. From the LulzSec Twitter account, as of two minutes ago:
I'm not seeing "we hacked the UK census" on our twitter feed or website... why does the media believe we hacked the UK census? #confusion
One of the most interesting aspects of this whole Anon/LulzSec/Etc dynamic is that the media doesn't really have any idea how to cover it. Rumors just get grabbed and reported at face value, they seem to have no network of sources to vet stuff or get legitimate information from.
posted by verb at 6:49 AM on June 21, 2011 [7 favorites]


Somebody on Reddit is suggesting that the guy who was arrested was a peripheral Lulzsec hanger-on who ran the Lulzsec IRC channel:

Ryan Cleary was the ircop of encyclopediadramatica.ch lulzsec simply had a channel on there, he is not part of lulzsec, i hung out there with the other thousand or so people on that irc, ryan wasnt involved with lulzsec's operations, just gave them a channel, kind of a shitty deal to get v& over an irc channel..

Edit: Don't believe me? Just watch twitter and wait for lulzsec to tweet and remember i told you so.

Edit more evidence: https://twitter.com/#!/anonesc/status/83148535796740096

Edit more stuff: https://twitter.com/#!/anonymouSabu/status/83159348712452096

EDIT I FUCKING TOLD YOU SO: https://twitter.com/#!/LulzSec/status/83164092998758400

posted by killdevil at 6:50 AM on June 21, 2011 [3 favorites]


re: harsher regulations on the Internet

I have a feeling the same arguments that stop us from taxing big businesses ("it will stifle innovation", "companies will move elsewhere") fortunately also mean that any country that regulates its internet too heavily is going to lose out on innovation and flexibility and general productiveness. So if the US comes up with some stupid internet license thing, they'll just lose out to Asia, Europe, and so on.
posted by memebake at 6:50 AM on June 21, 2011


Can we look forward to a decade of the "LulzSec number three" being arrested every two months like some kind of underground leadership clown car?

It was only by torturing his associates that we found this guy's hideout.
posted by orthogonality at 6:50 AM on June 21, 2011 [2 favorites]


Can we look forward to a decade of the "LulzSec number three" being arrested every two months like some kind of underground leadership clown car?

Or like when there's a drone strike on the number 3 lieutenant of training in Afghanistan and, somehow, terrorism still doesn't stop.
posted by codacorolla at 6:51 AM on June 21, 2011 [2 favorites]


Since he ran their IRC server it's not unfathomable that there are logs or monitored traffic that can assist in identifying members, even if he's not one himself.

In any case, what's to keep lulzsec from denying the affiliation of any member who gets arrested?
posted by Anything at 7:01 AM on June 21, 2011 [1 favorite]


Get all the logs and all the details. Then do raids on their houses. I bet you find they own not only a mouse, but also a laptop and sinister gloves.
posted by panboi at 7:20 AM on June 21, 2011 [3 favorites]


So, none of this is true or relevant? A. nobody hacked the census. B. Lulzsec definitely didn't. C. Some minor hacker got arrested. D. Laser-guided laptop glove-mouse man still at large.

I'll just close this up then.
posted by Potomac Avenue at 7:24 AM on June 21, 2011 [2 favorites]


A. nobody hacked the census
Probably not the case.

B. Lulzsec definitely didn't
Correct

C. Some minor hacker got arrested
An ircOP got arrested according to Reddit. This would be the same as if Cortex got vanned because one of us here did something.
posted by Threeway Handshake at 7:31 AM on June 21, 2011


JPD: "So WTF is the point of hacking the census? Is it some sort of commentary on how poorly the government and their sub-contractors have handled security? And there is some "right" but more expensive methodology that the government and LMT should have been using?

If you hack it to prove that point, why release the data?"

Because "they" aren't white hats. They are, at best, as suggested above "grey hats" -- they aren't (AFAWK) using data to benefit themselves. But they aren't going to go out of their way to work with "the man"...

Lulzsec has said over and over that it's about the LULZ... though they seem to be taking the more grey hat tactic of "we're just pointing out shit security". I can't find it now, but I think it was Ars Technica who had a timeline of the recent hacks (since like April this year) with the wiki attacks, hbgary, Lockheed and RSA, CIA/Congress Defacement, Sony, sony sony sony and more sony, xbox and nintendo, but hey nintendo, we love you so we didn't do shit to you, cuz you're awesome (yes, that's what they said! LOL)... But seriously.

Anyways, if anyone can find the link for that it's interesting. It goes over the stated goals, suspects, etc...

Needless to say there is a LOT of shit going down (Google getting hacked from inside China and being as bold to come out and say it and pissing off the Chinese in the process).

But I'm pretty pissed w/Lulzsec because they are going after government targets (even if a lot of it is front facing stuff - this census data seems a bit more worrisome than "PWNED" written on a website).

And from Ars, in further hack news... Bitcoin exchange market plummets after a hack on the bitcoin system:
The Bitcoin community faced another crisis on Sunday afternoon as the price of the currency on the most popular exchange, Mt.Gox, fell from $17 to pennies in a matter of minutes. Trading was quickly suspended and visitors to the home page were redirected to a statement blaming the crash on a compromised user account. Mt.Gox's Mark Karpeles said that the exchange would be taken offline to give administrators time to roll back the suspect transactions.
posted by symbioid at 7:32 AM on June 21, 2011


to sir with millipedes: "I'm really into the lulzsec theme song"

I could see a parody of Love Shack... "The LulzSec is a little ol' group where... we can HACK TOGETHER!"
posted by symbioid at 7:33 AM on June 21, 2011 [2 favorites]


D. Laser-guided laptop glove-mouse man still at large.

Please check your sheds and outbuildings. £20 reward.
posted by EndsOfInvention at 7:33 AM on June 21, 2011


Does best Bachmann interpretation "LULZSEC WILL BE PUTTING US IN CONCENTRATION CAMPS ANY SECOND NOW, NOW THAT THEY HAVE CENSUS DATA!!!!!!!" (insert whoever is like Bachmann over across the pond... Oh... Yeah... She's too extreme for the UK... *sigh*)
posted by symbioid at 7:36 AM on June 21, 2011


Shouldn't they be saving some of this for the revolution?
posted by Trochanter at 7:40 AM on June 21, 2011 [1 favorite]


Ah, it wasn't ars, it was CNET. They've got some decent coverage, I think. Check it out. It's kinda creepy, really.
posted by symbioid at 7:45 AM on June 21, 2011


Trochanter: "Shouldn't they be saving some of this for the revolution?"

Nobody really likes premature ehackulation.
posted by symbioid at 7:45 AM on June 21, 2011


The Canadian census is a joke compared to the UK census.
posted by Mitheral at 7:50 AM on June 21, 2011


<tinfoilhat>Some days, I cannot help but wonder if Lulzsec is actually a false flag operation secretly operated by the intelligence community as an excuse for governments to clamp down on the Internet.</tinfoilhat>
posted by fings at 7:55 AM on June 21, 2011 [6 favorites]


You'd think that these 1337 h4x0rz could come up with some public-key authentication scheme for signing their official communiqués, to differentiate themselves from fantasists, glory-hounds and false-flag operations.
posted by acb at 8:07 AM on June 21, 2011


@ fings. This. Been imagining who would have all the time, access, skill, etc. to do this. When I read that they were going after Anonymous...well...that tipped the scale for me.
posted by zerobyproxy at 8:14 AM on June 21, 2011


One of the most interesting aspects of this whole Anon/LulzSec/Etc dynamic is that the media doesn't really have any idea how to cover it. Rumors just get grabbed and reported at face value, they seem to have no network of sources to vet stuff or get legitimate information from.

They couldn't just tweet @LulzSec? Is that too 'new media?'
posted by ChurchHatesTucker at 8:17 AM on June 21, 2011




@ fings. This. Been imagining who would have all the time, access, skill, etc. to do this. When I read that they were going after Anonymous...well...that tipped the scale for me.

In your world are "going after" and "teaming with" the same thing?

They're both involved in this whole #AntiSec thing.

And there is no conspiracy; in this day and age is it really so hard to fathom that a bunch of semi-competent hackers are doing it for the attention we so readily foist upon them?
posted by Dark Messiah at 8:34 AM on June 21, 2011


The @LulzSec account has denied that LulzSec is involved.
posted by alby at 8:51 AM on June 21, 2011


These lulzsec attacks don't seem very lulzy. These attacks seem more like things we'd hear some guys at DEF CON or the Black Hat Briefings did. This is all too much security mountain climbing exercises, and destructive studies of system hardiness, and not enough lulz.

Lulz could have been had, however, if they had replaced everyone's religion with Jedi Knight. Or if they just deleted everything, thus requiring the census to be done all over again.
posted by TwelveTwo at 9:11 AM on June 21, 2011


Yeah - Lulzsec has a lot of anon style logic behind it, I think. There seems to be no coordinated ideology. They say it's for lulz. They say it's for exposing shitty IT/Security practices. Their actions seem to be a mishmash.

Have they released any data publicly that can be used against people (i.e. personally identifying info? databases? usernames? passwords?)

the spreadsheet isn't clear on what "exposed" means. I'd hazard that lulzsec is mostly harmless.

A lot of the attacks seem to be simple SQL injects and DDOS. Though there do seem to be a few more advanced and nefarious attacks and that's what I find interesting. Script kiddie amateur stuff (defacing PBS?) to potentially more advanced ("source code" from Zenimax?) to potentially National Security stuff (Infragard - usernames/passwords 'leaked' (again - what's that mean? published publicly or just accessed by the hackers?)

But from what it sounds like lulzsec doesn't claim this particular attack on the census? I'm confused WAS there an attack on the census stuff? Or was that not true, either?

I do like that they're offering to help Sega because "they liked the dreamcast" LOL...
posted by symbioid at 9:22 AM on June 21, 2011


Have they released any data publicly that can be used against people (i.e. personally identifying info? databases? usernames? passwords?)

Yes, they released account information on tens of thousands of people from game company websites and encouraged their fans to harass those people.

But, then again, they actually said like the NHS! They're so delightfully morally ambiguous that we should all cream our pants.
posted by Anything at 9:33 AM on June 21, 2011 [1 favorite]


Has anyone checked their twitter feed? According to #LulzSec... this was not them.

https://twitter.com/#!/lulzsec
posted by yoyoceramic at 9:38 AM on June 21, 2011


>So if the US comes up with some stupid internet license thing, they'll just lose out to Asia, Europe, and so on.

Governments routinely choose the consolidation of their own power over the prosperity of their citizens. Remember, no matter what the conditions of life are like for the teeming masses, they're always fairly good for those with a hand on power's lever.

Really, this lulzsec thing, and the inevitable reaction to it, will very soon emerge as a case study in why The Government (the US, and others) will once again get away with saying, "And this is why you can't do ___________, without ___________."

Nice things? Here's why you can't have them.
posted by darth_tedious at 9:50 AM on June 21, 2011 [2 favorites]


If I was going nuts trying to track down some hackers, I would shake down anyone who might know who they were, perhaps haul in some op and say "We know you are the mastermind, prove you aren't"

Then again, I watch too many cop shows.
posted by Ad hominem at 10:16 AM on June 21, 2011 [1 favorite]


Anything: "Yes, they released account information on tens of thousands of people from game company websites and encouraged their fans to harass those people."

I can see them as having released info (which is indeed bad) but did they actually encourage people to harass the people? Can you show me where this happened? It's bad enough of course releasing data like that publicly, but it really seems over the board to encourage harassment, and I have a hard time swallowing that... I'd appreciate any context/sources for such a posting of encouragement. Thanks!
posted by symbioid at 10:16 AM on June 21, 2011


I referred to their pastebin post above:
You find it funny to watch havoc unfold, and we find it funny to cause it. We release personal data so that equally evil people can entertain us with what they do with it.
posted by Anything at 10:26 AM on June 21, 2011


But surely the only possible good out of these sillies is that the powers that be get their acts together?

No, as mentioned above, this ties perfectly into the push by Obama for a national digital identity infrastructure. Before, it looked like the plans were to hand that authority over to the Commerce Department. I wouldn't be surprised now if these events tilt the favor back over to the NSA.

There's no way they can't react. Yeah, Internet loliticians might find the hackings hilarious, but consider the majority of Americans hearing "the CIA has been hacked." They may not really have a distinction between public facing website and internal secure networks.
posted by formless at 10:45 AM on June 21, 2011 [2 favorites]


In addition to that they retweeted a bunch of fans telling how they've used the account data to impersonate people's girlfriends etc. to fuck with their heads. I linked to screenshots of some of those retweets above. They've since removed some of what they posted but I saw them myself when they were still up.
posted by Anything at 10:45 AM on June 21, 2011 [1 favorite]


Thanks for the info. It just annoys the piss out of me that this might cause a crackdown. Like someone said above "aren't you supposed to wait until the revolution happens"? Now they're making the web shittier...

"National Digital Identity Infrastructure"??? What. The. Fuck.
posted by symbioid at 10:53 AM on June 21, 2011


national digital identity infrastructure was my phrasing. The phrasing used by the administration is "National Strategy for Trusted Identities in Cyberspace".
posted by formless at 11:04 AM on June 21, 2011


Just because you can do a thing does not mean it is a good thing to do.
posted by Ironmouth at 11:11 AM on June 21, 2011 [1 favorite]


You are just saying that because you can't fit these many boiled eggs in your mouth.
posted by TwelveTwo at 11:16 AM on June 21, 2011 [4 favorites]


So wait... the UK Census is hacked or not?

One of the worst things* is that my 21 year old son's smugness levels are going to go through the roof. He was refusing to fill in the census and I told him to do his civic duty and stop being paranoid. Fuck.

*not really
posted by jiroczech at 11:36 AM on June 21, 2011


Even with a national internet id card, the same principles apply as an actual card such as fraud, impersonating, hacking, copying and stealing. Besides, the minute anything like this rolls into place people will (and already have) develop ways to circumvent the system. The idea is flawed from the start and will only create more problems, and take away the assumed (I know it doesn't exist fully without taking measures) privacy we enjoy.
posted by handbanana at 12:00 PM on June 21, 2011


The point of any proposed national digital identity infrastructure is that everyone will be guilty of circumventing the system, and everyone will be suspected of fraud. It won't be law, it'll be blackmail. It will only be used to prosecute those labeled a threat to national interests.
posted by TwelveTwo at 12:17 PM on June 21, 2011 [1 favorite]


>>Besides, the minute anything like this rolls into place people will (and already have) develop ways to circumvent the system.

How many people are really going to dedicate their lives to walking the Eightfold Path of Seven Proxies and a bank in St. Kitts?

Not many-- and likely, taking too many obvious steps in that direction probably itself puts you on some list.

>>The idea is flawed from the start and will only create more problems

...So the bureaucracy that will be put in place to tackle this hard assignment is really going to require a lot of funding, support, and freely-given cooperation. Thank you for your input, Citizen.
posted by darth_tedious at 12:19 PM on June 21, 2011


darth_tedious writes "How many people are really going to dedicate their lives to walking the Eightfold Path of Seven Proxies and a bank in St. Kitts?"

The biggest problem with this strategy is it'll only work for regionalized services. So sure it'll sort of work for banks and schools and some government services but it isn't going to work for email or Flickr or Twitter et ad nauseam where significant portions of the user bases aren't Americans.
posted by Mitheral at 12:26 PM on June 21, 2011 [1 favorite]


Sometimes the failure of a law is the point of the law.
posted by TwelveTwo at 12:28 PM on June 21, 2011


"whoever is like Bachmann over across the pond... Oh... Yeah... She's too extreme for the UK... *sigh*)"
posted by symbioid at 3:36 PM on June 21

This Tory MP is the best we can do: Nadine Dorries
posted by marienbad at 1:14 PM on June 21, 2011


So wait... the UK Census is hacked or not?

At the moment, all signs point to no.
posted by alby at 2:05 PM on June 21, 2011


They've even hacked alby's magic eight ball!
posted by TwelveTwo at 2:06 PM on June 21, 2011


"The biggest problem with this strategy is it'll only work for regionalized services. So sure it'll sort of work for banks and schools and some government services but it isn't going to work for email or Flickr or Twitter et ad nauseam where significant portions of the user bases aren't Americans."

Couldn't they just have the security on the level of the ISP? There are only a small number of ISPs compared to the number of Americans, and most of them are large companies that have rolled over for the government before.

So hypothetically, when your modem tries to connect to the ISP's network a pop-up box will say "Please enter your national ID number." And after that the ISP keeps a record of all the activity associated with that ID, until the next log-in. Then law enforcement can use those logs to connect ID numbers with IP addresses in a specific period of time, and subpoena services like Twitter for all activity by IP XXXX on such and such a date.
posted by Kevin Street at 2:56 PM on June 21, 2011


So hypothetically, when your modem tries to connect to the ISP's network a pop-up box will say "Please enter your national ID number." And after that the ISP keeps a record of all the activity associated with that ID, until the next log-in. Then law enforcement can use those logs to connect ID numbers with IP addresses in a specific period of time, and subpoena services like Twitter for all activity by IP XXXX on such and such a date.

What I don't understand about this is why you aren't just requiring people to install cameras and microphones into their homes and monitor them 24x7?
posted by iamabot at 3:38 PM on June 21, 2011 [1 favorite]


Kevin Street writes "Couldn't they just have the security on the level of the ISP?"

Probably. But that won't affect me in any way, not being in the US, which is why it'll only be effective for services that either only serve Americans or are willing to flush all non-American users.
posted by Mitheral at 3:50 PM on June 21, 2011


AntiSecs, now there's a cause my cold, protestant heart can get behind.

Oh, wait, AntiSec? What in the deuce...
posted by Slackermagee at 4:35 PM on June 21, 2011


"What I don't understand about this is why you aren't just requiring people to install cameras and microphones into their homes and monitor them 24x7?"

That's a lot of cameras. And even the US couldn't afford to pay so many government agents to sit around and watch people watch porn or type. Maybe China could, but they don't have to worry about paying for health care and pensions.

I was just wondering how a simple ID system would work. Of course it would be a horrible idea for civil liberties reasons, and it would be relatively simple to steal other people's ID numbers (especially if the numbers are included in the census), then go to town doing illegal stuff with their identity.
posted by Kevin Street at 5:57 PM on June 21, 2011


What I don't understand about this is why you aren't just requiring people to install cameras and microphones into their homes and monitor them 24x7?

It isn't important to know what anyone is doing at any time. However, it is important to know, at any given time, everything a person has done up until then. The future of intelligence has more of an Eye of Sauron quality to it, and less of a panopticon Orwellian vibe. If the eye catches sight of you, the eye sees through you, it sees deep into your heart, and it sees where you are and where you have been and where you are going.

The real problem is when court time comes around. You know how a few years back an American got tried in Italy and convicted for murder, but the supporting evidence was only the word of the police, and a picture of the defendant from myspace. The picture showed him holding a novelty gun at a comic convention, which showed the jury that he was a violent person. Yeah, the future of the criminal justice system is going to be like that times a billion. You see those anti-government comments you made on Metafilter in the May of 2007 and the August of 2009. You borrowed the Anarchist Cookbook from your college library twice. Your internet logs show you have visited 4chan more than once. You downloaded a public domain copy of the Koran. You have a photo of yourself in front of a statue of Lenin and another with you in a lewd pose next to the Washington Memorial. You once said you would kill the president for what he had done, kill? What has he done? If not for our work at the DHS you just might have been the next Unabomber.
posted by TwelveTwo at 6:13 PM on June 21, 2011 [9 favorites]


As an aside, Lockheed Martin has the freakiest corporate motto ever:

Raytheon uses (used to use?) the motto "We Own The Kill Chain". That is a freaky corporate motto.
posted by cmonkey at 10:55 PM on June 21, 2011




Wow, some well known sites (Instapaper and Pinboard) suffered a little collateral damage there, not to mention all the others that had nothing to do with Lulzsec. You fail at the Internet, FBI.
posted by Kevin Street at 12:50 AM on June 22, 2011


Authorities closing on LulzSec

I hope their most skilled hackers don't get caught, even if they're just hitting up lame targets of opportunity. There is a worldwide need for more hacktivism. All the lulzy hackers may inspire people with more deep seated moral convictions. And their theme song has class.
posted by jeffburdges at 6:22 AM on June 22, 2011




marienbad: ""whoever is like Bachmann over across the pond... Oh... Yeah... She's too extreme for the UK... *sigh*)"
posted by symbioid at 3:36 PM on June 21

This Tory MP is the best we can do: Nadine Dorries
"

*shakesheadinsadness*
posted by symbioid at 8:46 AM on June 22, 2011


There is a worldwide need for more hacktivism.

Convince me.

Because most of what I've seen has been childish, criminal, thoughtless, or all three.

I am genuinely persuadable, but given the self justifications I've read (the lulz do say they do it for shits and giggles, which is at least honest of them) and the fact that there are still journals of record that will publish things that deserve to be leaked, I don't see enough benefits to outweigh the considerable costs. Plus also, nice things, we can't have, this is why.

As a by the way, I like to know the identity of my deep throats. I like to know what motivates them, where their moral convictions are potted, and how deeply rooted, so I can judge how they might be shading truth, or indeed, making it all up. Hard to take things seriously when all I get from behind the green curtain is the sound of adolescents failing to stifle laughter.
posted by IndigoJones at 12:31 PM on June 22, 2011


But surely the only possible good out of these sillies is that the powers that be get their acts together?

That would be a pretty significant amount of good, if it did come to pass as a result of lulzy hacking. We used to just assume that big, serious organizations would pay attention to security, but that was optimistic. White-hats tried quietly reporting security holes via the proper channels, but that didn't help. Publicly disclosing the existence of flaws didn't help. Publicly disclosing the existence and details of flaws along with a step-by-step How To Rob The Bank Guide helps a little but not as much as we'd like. Maybe anon-style hackery-mockery will help more. Maybe we need to have troops of monkeys smearing shit on corporate lobbies before they'll bother to put locks on their doors.

The point is, LulzSec didn't make the UK census any less secure. All they did was make us aware of the problems. The black hats are rummaging through your census data anyway, regardless of LulzSec's antics.

Couldn't they just have the security on the level of the ISP? […] So hypothetically, when your modem tries to connect to the ISP's network a pop-up box will say "Please enter your national ID number."

Er… this is roughly how it already works. All of your traffic is tagged with a (temporarily unique) ID number: it's called an IP address, maybe you've heard of it. DHCP servers and, sometimes, NAT devices log enough information to trace an (IP address, timestamp) pair back to a customer. The ISP's billing department can associate that customer identity with street addresses, credit card numbers, realtime phone-geolocation data, etc. Pass a law requiring ISPs to retain those logs for some amount of time and surrender them on demand, and Orwell's your uncle.

As a by the way, I like to know the identity of my deep throats. I like to know what motivates them

Oh come on. What makes you think you know any more about the identity or morals of your other deep throats than you do about LulzSec? For that matter, how do you know LulzSec isn't a collection of grim philosopher-priests putting on a carefully calculated act?
posted by hattifattener at 9:43 PM on June 22, 2011
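
The (IP address, timestamp) lookup described in the comment above, as an added example that is not part of the thread: it is the same join incident responders run against their own DHCP lease logs to attribute an alert to a device. The lease records, field names and client labels are constructed for illustration.

```python
"""Resolve an (IP address, timestamp) pair to the client that held the lease.

Every record below is constructed sample data, not taken from any real log.
"""
from datetime import datetime, timezone
from typing import NamedTuple, Optional


class Lease(NamedTuple):
    ip: str
    mac: str
    client: str        # hypothetical subscriber or asset label
    start: datetime    # lease granted (inclusive)
    end: datetime      # lease expired or released (exclusive)


def ts(text: str) -> datetime:
    """Parse 'YYYY-MM-DD HH:MM' as UTC so comparisons are unambiguous."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)


# Constructed history: 10.0.0.23 is handed to two different clients on the
# same day, which is why the address alone identifies nobody.
LEASES = [
    Lease("10.0.0.23", "02:00:00:00:00:01", "client-A",
          ts("2011-06-21 08:00"), ts("2011-06-21 12:00")),
    Lease("10.0.0.23", "02:00:00:00:00:02", "client-B",
          ts("2011-06-21 13:00"), ts("2011-06-21 21:00")),
    Lease("10.0.0.40", "02:00:00:00:00:03", "client-C",
          ts("2011-06-21 09:00"), ts("2011-06-22 09:00")),
]


def holder(ip: str, when: datetime, leases=LEASES) -> Optional[Lease]:
    """Return the lease covering `when` for `ip`, or None if no lease did.

    A timestamp without a time zone is rejected: an hour of clock skew is
    enough to pin activity on the previous or next holder of the address.
    """
    if when.tzinfo is None:
        raise ValueError("timestamp must carry a time zone")
    matches = [l for l in leases if l.ip == ip and l.start <= when < l.end]
    if len(matches) > 1:
        # Overlapping leases mean the log is inconsistent; refuse to guess.
        raise ValueError(f"ambiguous lease history for {ip} at {when}")
    return matches[0] if matches else None


if __name__ == "__main__":
    for stamp in ("2011-06-21 09:30", "2011-06-21 12:30", "2011-06-21 15:00"):
        hit = holder("10.0.0.23", ts(stamp))
        print(stamp, "->", hit.client if hit else "no lease on record")
```
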


I feel odd arguing the merits of a hypothetical system of horrifying control that I wouldn't support anyway, but... The point of having an ID number would be to associate one person with any number of phones, laptops or computers in different locations. Use the WIFI at the coffeeshop, the Kindle browser, a cybercafe or whatever, and Big Brother would still know it's you.
posted by Kevin Street at 10:25 PM on June 22, 2011




If someone logs into your Facebook and posts something libelous about a friend of yours; are you liable? If you log into your Facebook and post something libelous; is there reasonable doubt it wasn't you?

Answer that, and you'll find it easy to construct my opinion on the matter of a universal digital identity system.
posted by TwelveTwo at 10:53 PM on June 22, 2011


There isn't nearly enough transparency in the corporations and governments that run our lives, that's why we need both leaks and hacktivism. LulzSec are simply the usual "hack it cuz it's broken" grey hats, not hacktivists.

Any real hacktivist would've sat upon all the passwords they turned up, using them for hacking into more important sites, eventually finding & publishing really damaging information. Or perhaps revealing corrupt individuals' accounts & passwords to "direct action" types affiliated with organizations that're interested in preventing that individual's particular brand of corruption.

There isn't much chance of LulzSec growing into a real hacktivist organization, but maybe they'll inspire others.
posted by jeffburdges at 11:37 AM on June 23, 2011


Oops, I might need to eat my words (torrent). yey!
posted by jeffburdges at 5:31 PM on June 23, 2011


Woah... I just came in here to post what you did, jeffburdges...

I still don't know what I think of them. I think they, like anon, have both hacktivist elements and lulz elements, and no-one is quite sure what to do/think. which is a shame, because while lulz can be ok, it can turn off a lot of potential support.

but then you see this AZ dump and... damn.
posted by symbioid at 10:44 AM on June 24, 2011




This thread has been archived and is closed to new comments


