Girl Power
Now Who's in Charg
Fatigue Makes Cowa
Winner Winner, Chi
The Good Things in
Anything Could Hap
Bum-Puzzled
Got My Swag Back
What's the Beef?
The Hidden Immunit

aipuck.com
The Sea Slug Slugg
Unstable love poem
Would You Be My Br
Tell ’em that it’s
Last Push
Two Tribes, One Ca
Video Games, XBOX,
But it’s your arms
Turf Wars
<<      >>
Darkweb entrapment" which is much more difficult to detect and remove. This is the same method employed by the hacker known as Sabu, as described by Wikileaks in its recent document release. The site is still being monitored and shut down by webhosts. The data center of the original website remains online, along with some images of the hacker's code. The site will continue to remain online in another form until a lawsuit brought by Sabu against LulzSec is settled. "The internet’s black market has had a price war on its hands for a long time now. More and more black hats are trying to do more and more, to get a bigger piece of the action, to give them a niche in an overcrowded and competitive market," reports Ars Technica. "Lulzsec is just the latest development in this ongoing trend. And their actions may be another step towards cybercriminals taking up online extortion to build their warchests." "It’s a matter of pride and respect when people steal from you, rather than the kind of shame that comes with a simple cash grab," said Lulzsec on Twitter. "We aren't the people that start wars, we're the people that end them. You do the math." Security analysts have taken to Twitter to discuss what these developments mean. As The Register notes: Graham Cluley of Sophos said it was possible the Anonymous hacker might be part of Lulzsec, as it is likely he is from the UK. "This could be anyone at all," Cluley told The Reg. "The IP addresses could have been hijacked by any other group or individual - it would be quite easy to spoof the IP addresses and give them out to others." He also suggested that the LulzSec Twitter account might not be the legitimate website as it had been updated so many times and tweeted from different accounts. "We might also expect to see a huge spike in traffic, as hackers are going to be attempting to hack this site," said Cluley. Cluley's thoughts are similar to the findings of Internet security firm Imperva, which found that the IP address of the "Lulzsec" Twitter account had been spoofed. Imperva also looked at Twitter accounts including "Anonymous" and "Lulzsec," as well as the website "gawker.com" and "hackread.com." Imperva found that the IP addresses of "Anonymous" and "Lulzsec" had been spoofed and linked the hacker to France and the Netherlands, rather than from the UK, which is usually assumed in this case. "We have no way of knowing if these accounts are legitimate, and we did our best to verify them," said Imperva's Nick Barrie. "But as a matter of caution, our assessment is that the accounts are most likely not authentic." Security firms have also been quick to downplay the significance of the data posted by the hacker. "To the layperson, this data dump appears to confirm the group’s claims. Yet security experts quickly identified that there was no indication of a breach or breach attempt of any major data center," reported Ars Technica. "That means there is no indication that the data has anything to do with Stratfor, and that it's simply the personal stuff the hackers had stored on these 'drop boxes.'" Hector Monsegur, a well-known Anonymous hacker and associate of Sabu, told Ars Technica that he thinks the Lulzsec Twitter account is probably a troll. He suspects the account and possibly the data are being used to lure security experts to see how quickly they can spot a hacker on the loose. "I'd like to think that this is a prank of sorts. And I don't mean just a little one," Monsegur said. "This is a long-term, planned-out event." "I bet this account has had a lot of attention on it before. In fact, I'd be surprised if it didn't. These guys are going to get as much publicity as they can get, I'm sure. And that's a good thing. If anything, the fact that this has not already been debunked will cause experts to look closer at this story, and that's good for us." In related news, Lulzsec said that it would be releasing 1,000 Twitter login details to the public via Wikileaks "within the next few weeks," but this has not yet materialized. In other Lulzsec news, the hacker group and Sabu are scheduled to appear in federal court today in the case of "United States of America versus Hector Xavier Monsegur, AKA Sabu, AKA Tflow, AKA Xavier DeSalle," which has been brought against Sabu for "copyright infringement, illegal wiretapping, and hacking the Web site of the FBI." An excerpt from a recent article in Fortune Magazine: I asked the ex-hacker if he had anything to say to law-enforcement officials who might be reading this article. "No." [...] The hackers say their aim is to provoke companies and governments to change the way they operate. In addition to the leak of the FBI's files, they also published a file on Stratfor's Web site that allegedly belongs to the Texas Department of Public Safety, along with credit card numbers and encrypted passwords for Stratfor's users and customer-support reps. Many credit card numbers appeared to be for prepaid cards. Some of the group's operations may violate federal and state laws, but it's not known if there will be any legal consequences, because many of the actions are illegal only on paper. The Internet is still governed by the same laws as U.S. Postal Service mail — though it's far less secure. You can't deliver letters in a bomb-shaped cylinder and expect it to be treated as mail, but email is a bit easier to justify in court. This is true even though many websites store the credit card numbers. This is an artifact of the card's design and the way it's used, not an inherent property of the credit card. As Ars technica has noted, "Card issuers have been sending out mailers to its customers telling them that anyone accessing their credit cards online should be using industry-accepted data security practices." Despite the many flaws of the system, even if there was no Lulzsec, the system would be the same. The actions of these hackers expose a major issue. The FBI was unable to respond to the breach with any speed because "computer intruders can use any one of hundreds of popular, free products such as Nmap or Wireshark to test a network's vulnerability and determine when it might be attacked." But the FBI is hamstrung by the fact that it is "constitutionally barred from hacking because Congress has not specifically authorized such activity," says Fortune. It's unclear if the feds will have to change their rules to deal with these new threats. But if a government is going to be vulnerable to any hacking it should be easy to fix. The same protections given to the Department of Defense should be extended to ordinary citizens. Any agency that is concerned about this problem should encourage individuals to use simple techniques like encryption to protect themselves. "There will come a day when you have to go to that website from your computer and you don't even know where you are going," said Mike Bahn, a veteran hacker and the head of BAHN Technologies, Inc. "Our government is completely powerless and unable to keep us safe from the bad guys and their tools." "The FBI is looking for two kids, and we feel bad for them. But it doesn't change anything," said Sabu in a recent interview. "You can hide as many things as you want." Security experts have long understood that cyberwarfare can result in a state of "perpetual war," and the actions of Lulzsec and similar groups have served to reinforce the dangers.