Hacking Group LulzSec Denies Arrest Report
The hacking group, also known as the Lulz Boat, claims credit for releasing Sony's developer network source code on Monday, recently exposing one million Sony passwords, hacking PBS with fake news, and also releasing passwords for members of the FBI partner organization InfraGard's Atlanta branch. The latter was in response to government plans to classify some types of cyber attacks as acts of war.
But according to an anonymous post, submitted via a Hushmail
account, to the Full Disclosure mailing list on Monday, law enforcement
agencies are finally closing in. "One of them is already in FBI custody,
and the rest are probably about to follow him." The poster named the
arrested hacker as New York resident Robert Cavanaugh, "alias xyz, alias
ev0." The post also contained an alleged transcript from an IRC chat
channel used by LulzSec, in which one of the participants urges the others to
leave the chat channel. "This is serious, military hackers trying to hack
us."
In a statement released on Monday, however, LulzSec said
that the arrest reports were untrue, or at least not related to the group.
"Also, 'ev0', who was allegedly arrested (?) was never a part of LulzSec
or in fact the subcrew. We don't even know who he is," it said.
According to LulzSec, its members did post to the chat
channel, but they said it wasn't used for core operations. "Those logs are
primarily from a channel called #pure-elite ... where we gather potential
backup/subcrew research and development battle fleet members, i.e. we were
using that channel only to recruit talent for side-operations." It also
said that its core team remained "at full strength."
Indeed, on Tuesday, the group's Twitter feed suggested it
was business as usual, with a post that read, "6 out of 17, anyone else
wanna play?"--in reference to the number of times it had hacked into Sony
websites, and a detailed timeline posted at Attrition.org. Furthermore, the
group said it had recently received $7,853 in donations, including a single
donation of $7,600 on Monday.
But even if law enforcement agencies do identify and arrest
LulzSec members, security experts said that targeted organizations, including
Sony, might still see no respite. "It seems that now Sony has become a
laughing stock amongst the hacking community," said security expert John
D'Arcy, assistant professor of IT management at the University of Notre Dame,
via email. Indeed, the company's websites continue to be exploited--by LulzSec
and other, even more anonymous attackers--via SQL injection attacks and other
well-known Web application exploit techniques.
Accordingly, even with law enforcement agencies likely
intensifying the hunt for LulzSec members, at least in the short term, Sony
must save itself. "There is little that can be done by law enforcement and
the FBI to help with the situation. In terms of computer crime, hacking, etc.,
the bad guys are still well ahead of the good guys," said D'Arcy.
"Given the ease with which these hacks can be conducted, and the anonymity
that is associated with these attacks, and jurisdiction issues that prevent
U.S. law enforcement from going after certain international hacking groups, it
is likely that the bad guys will remain in the driver's seat for the
foreseeable future."
Comments
Post a Comment