Talk:LulzSec
Computer Security: Computing Start‑class Low‑importance | ||||||||||||||||||
|
A fact from LulzSec appeared on Wikipedia's Main Page in the Did you know column on 11 June 2011 (check views). The text of the entry was as follows:
|
LOLs
I have never heard the term "LOLs." "Laugh out louds"? It sounds terribly strange; wouldn't it be more logical to say that "lulz" derived from "lol"? What meaning could be ascribed to "LOLs"? Cholo71796 (talk) 02:50, 18 June 2011 (UTC)
Contested deletion
This page should not be speedy deleted because... This group has conducted several high profile attacks. Including, hacking into PBS to steal data and post a fake news story. They also stole 1000000 accounts from Sony. I don't think this group is temporary they will probably keep conducting attacks or go to jail for a long time after a high profile trail. There is a lot of media attention on this group so there are tons of reliable sources. I'm trying to get this right, but this is my first article, and I apologize for any mistakes. Polyquest (talk) 00:37, 3 June 2011 (UTC)
- While I'm not convinced that the group is really notable, a credible assertion of notability is made, so I've declined the speedy deletion. Acroterion (talk) 00:46, 3 June 2011 (UTC)
- I'll work on the article, and I've put a notices in two related Wikiprojects to try to get editors to help on this. We'll just have to see if, after a little while, an article can be created that looks notable.Polyquest (talk) 00:54, 3 June 2011 (UTC)
A few comments: to be precise, they claimed credit for the attacks, so I would say that. We should not confuse what people say on the Internet with reality. It is a bit newsy, so perhaps more relevant to wikinews in style. Indeed, if there is a follow-up investigation, we can add more info (with dates and context) to see if the article survives. W Nowicki (talk) 16:16, 3 June 2011 (UTC)
Picture
There is a picture of their logo here. The upload image process is a bit complex. Do you think there would be any copyright issues if I uploaded this image for the article? Polyquest (talk) 20:37, 3 June 2011 (UTC)
- No, I think ArsTechnica made that image based on this tweet. --Pmsyyz (talk) 19:45, 4 June 2011 (UTC)
- Always assume anything published is copyrighted, unless there is evidence it is not. So no, cannot use it. W Nowicki (talk) 22:32, 4 June 2011 (UTC)
- Would the image from the Twitter feed located here fall under fair use? Lulz Security doesn't strike me as a group that would assert ownership of a copyright. I know that other articles like McDonald's use the companies logo. Polyquest (talk) 22:36, 4 June 2011 (UTC)
- I would say it is fair use as a logo that an organization is using to represent themselves. かんぱい! Scapler (talk) 20:46, 6 June 2011 (UTC)
- It seems to be all right under the policy, but there is a bit of ambiguity. I've posted it, and hopefully it won't be a problem.Polyquest (talk) 02:53, 7 June 2011 (UTC)
Made some edits
This group is beyond deletion and definitely notable now. I can't keep up with all the stuff that has been going on. I have made a bunch of edits to try to keep this article up to date, but I know some things are outdated or inaccurate like the section on the Lulzsec "arrest", their sixth attack on Sony, and the Unveilled section. I am a bit tired, be here is a great balanced article on them: http://www.dailytech.com/UpdatedLulzSecs+Strikes+Latest+Victims++Hacker+Mag+2600+FBI+Affiliate/article21818.htm
Feel free to use the information from this article, the events are accurate. 24.18.243.189 (talk) 03:15, 7 June 2011 (UTC)
Page move
Per WP:COMMONNAME, I believe this article should be moved to Lulzsec. Though technically the organization's full name is Lulz Security, they themselves hardly refer to the group by this name and the media has incredibly rarely called them anything other than Lulzsec. With this overwhelmingly being the common name to refer to them with, the page should be moved to Lulzsec and the current title redirected there. The organization's Twitter uses the name Lulzsec, as does the front page of their website. A Google News search reveals about 2,410 results for "Lulzsec" and about half as many results for "Lulz Security", and most of those that do include the name "Lulz Security" also refer to them as "Lulzsec" whereas news articles on "Lulzsec" do not as often refer to them by their full name. かんぱい! Scapler (talk) 15:36, 8 June 2011 (UTC)
- I think the Google News results are compelling. I agree that a move is probably a good idea. Polyquest (talk) 16:26, 8 June 2011 (UTC)
- Agreed, I'll see if I can get someone to move it over the redirect. Qrsdogg (talk) 01:14, 10 June 2011 (UTC)
Error! Mixing up LulzSec with LulzRaft
They are two completely difference groups. LulzSec did sony, PBS and so forth, LulzRaft is responsible for the conservative attacks. Proof is their two seperate twitters and direct claims from the group, LulzRaft considers themselves to be fans. Oh nevermind, camel already got it for me! Thanks! (talk) — Preceding unsigned comment added by 68.71.30.2 (talk) 19:46, 9 June 2011 (UTC)
Black hat, not grey hat
I've changed the characterization of LulzSec in the first sentence from grey hat to black hat. As I expect that this will be controversial, I've elected to explain my reasoning here.
The BBC article cited by the original characterization is incorrect. The author seems to believe that black hat hackers are always motivated by profit. This is not true; as explained elsewhere on Wikipedia (see the above link for grey hat), a black hat is any hacker who aims to exploit security vulnerabilities, as opposed to merely trying to find them. LulzSec clearly falls into this category, as they break into servers and publish their data "for the lulz".
Anyone who disagrees is invited to discuss this here. Hopefully this doesn't become an edit war. PhageRules1 (talk) 02:59, 11 June 2011 (UTC)
- I removed the claim that they are "black hat" as original research for now. We must stick to descriptions of the group published by reliable sources, can you find reliable sources describing them as "black hat"? There are a few describing them as "grey hat" [1][2][3] Qrsdogg (talk) 04:12, 11 June 2011 (UTC)
- Sorry, Wikipedia doesn't count as a reliable source. The definition mentioned above at grey hat is (falsely) sourced to a Linux manual. This is a rarely-mentioned term in mainstream media, and if this is what RS think it means, what choice do we have? ▫ JohnnyMrNinja 05:29, 11 June 2011 (UTC)
- Ok, I re-added the "Grey hat" bit, I'm open to the idea that CNN and the BBC aren't infallible, but we'll need some sources to change the description in the article. Qrsdogg (talk) 05:33, 11 June 2011 (UTC)
- While I do agree that these hackers are black hat and that the media has been using the term grey hat incorrectly, unfortunately, I found no reliable sources that call them black hat. I think we have to keep it the way it is for now. かんぱい! Scapler (talk) 16:09, 11 June 2011 (UTC)
- If the terms black hat and grey hat are likely to confuse perhaps it would be best to remove hat based characterizations all together. Does the designation provide additional insight? Polyquest (talk) 02:06, 12 June 2011 (UTC)
- Well, we really don't have to specify which hat they are. In cases where there's a consensus that the reliable sources are wrong on an issue (i.e. Joseph Evers) I think it's ok to omit what they're saying (although one can't say, "Sources say X, but they're wrong" on the page itself) as long as we're not posting our own view of the issue on the page itself. Qrsdogg (talk) 03:42, 14 June 2011 (UTC)
- This is Wikipedia, a consensus of reliable sources can't be wrong, unless another reliable source says so. If reliable sources that say anything, and they all say the same thing, then that is the truth as far as Wikipedia is concerned. Deliberately excluding relevant information because you don't agree with it, but can't find any sources to back that claim up, that's just not good editing. This may be a flaw in the core of Wikipedia, but it is still the core of Wikipedia. Besides, it's a neologism, and its definition is subject to change without prior notice. ▫ JohnnyMrNinja 15:33, 14 June 2011 (UTC)
- A Twitter update claims that they do not have a label. I know we love labeling things, but I'm just bringing this point up for discussion. http://twitter.com/LulzSec/status/82185906878029824 Strelok 21:21, 18 June 2011 (UTC)
- This is Wikipedia, a consensus of reliable sources can't be wrong, unless another reliable source says so. If reliable sources that say anything, and they all say the same thing, then that is the truth as far as Wikipedia is concerned. Deliberately excluding relevant information because you don't agree with it, but can't find any sources to back that claim up, that's just not good editing. This may be a flaw in the core of Wikipedia, but it is still the core of Wikipedia. Besides, it's a neologism, and its definition is subject to change without prior notice. ▫ JohnnyMrNinja 15:33, 14 June 2011 (UTC)
- Well, we really don't have to specify which hat they are. In cases where there's a consensus that the reliable sources are wrong on an issue (i.e. Joseph Evers) I think it's ok to omit what they're saying (although one can't say, "Sources say X, but they're wrong" on the page itself) as long as we're not posting our own view of the issue on the page itself. Qrsdogg (talk) 03:42, 14 June 2011 (UTC)
- If the terms black hat and grey hat are likely to confuse perhaps it would be best to remove hat based characterizations all together. Does the designation provide additional insight? Polyquest (talk) 02:06, 12 June 2011 (UTC)
- While I do agree that these hackers are black hat and that the media has been using the term grey hat incorrectly, unfortunately, I found no reliable sources that call them black hat. I think we have to keep it the way it is for now. かんぱい! Scapler (talk) 16:09, 11 June 2011 (UTC)
- Ok, I re-added the "Grey hat" bit, I'm open to the idea that CNN and the BBC aren't infallible, but we'll need some sources to change the description in the article. Qrsdogg (talk) 05:33, 11 June 2011 (UTC)
- Sorry, Wikipedia doesn't count as a reliable source. The definition mentioned above at grey hat is (falsely) sourced to a Linux manual. This is a rarely-mentioned term in mainstream media, and if this is what RS think it means, what choice do we have? ▫ JohnnyMrNinja 05:29, 11 June 2011 (UTC)
Actually, I think I'd argue that on some levels they are grey hat hackers. Of course, Titanic Take-down Tuesday was admittedly as black hat as one can get, but they did e-mail the NHS saying they'd found a vulnerability in their system, did not intend to exploit it and wanted to help them improve their system by telling them. It would be wrong to say that they only exploit, as black hat implies. Lowri (talk) 11:57, 15 June 2011 (UTC)
- Agree with that. They even claimed themself to be a hacker group that just wants to make chaos and destroy their victims even personal. There is nothing to discuss anymore they ARE BlackHats!
They are neither Black, Grey or White. They are doing it for entertainment. They just hack to enjoy the computer era while it lasts. UnbiasedNeutral (talk) 07:03, 20 June 2011 (UTC)
Minor attacks section
If LulzSec continues hacking websites at the present rate, we are going to rack up quite a list. Maybe we should combine all the minor attacks together in a new section. I am thinking specifically about the Nintendo hack and the hack of the porn websites. It is not much of a problem right now, but maybe we should start thinking about a reorganization. Polyquest (talk) 02:14, 12 June 2011 (UTC)
- I would suggest instead re-naming the section simply "attacks". Labeling them "major" or "minor" seems a bit like original research. News outlets are not mentioning any of these attacks as lesser of greater than others and as such we probably shouldn't either. かんぱい! Scapler (talk) 05:18, 12 June 2011 (UTC)
- A good point, if we were to institute that classification there are already a couple that could go either way. Right now it isn't a problem, but my fear is that if Lulzsec continues at it's present rate the article might turn into a bit of a cluttered list before too long. With the list giving equal weight to major hacks, like the attack against Sony, and minor ones, like the attack against Nintendo. I have no problem with waiting to see if it becomes a problem before addressing it though. Polyquest (talk) 07:54, 12 June 2011 (UTC)
- True, though the Anonymous page has gone awhile with its majority content being a large list of attacks and activities. So long as we do not just start listing them and continue to include a good amount of information on them, I don't see the problem with a large list. Tis not our fault that these guys are crazy active. かんぱい! Scapler (talk) 15:07, 12 June 2011 (UTC)
Sorry, I just re-organized it without seeing this. Feel free to revert me if you think there's a better way to handle the content. Qrsdogg (talk) 03:37, 14 June 2011 (UTC)
- I like the way you did it. I say leave it the way Qrsdogg arranged it unless future attacks force us to organize it differently. かんぱい! Scapler (talk) 03:47, 14 June 2011 (UTC)
I think one way to work with an increasing number of attacks is to create a subarticle or separate article. If they continue at their present pace and have 60 victims/hacks in a few months from now, you could have a completely separate article like "Hacks from LulzSec". This would be similar to how a country article will briefly recap the history of a country while "History of countryxyz" is its own article. — Preceding unsigned comment added by 96.32.137.217 (talk) 08:02, 14 June 2011 (UTC)
- FWIW, I pretty much agree. If they can keep this pace up, I could see starting List of LulzSec hacks. Qrsdogg (talk) 15:19, 14 June 2011 (UTC)
The reorganization looks great. One way or another, we will almost certainly be adding a lot more information to this article. Polyquest (talk) 22:05, 14 June 2011 (UTC)
I've added their release of 62k email/passwords. I placed it in the later corporate attacks section, but don't know if it belongs there. The release is a portion from a "collection". --Dayyan (talk) 13:20, 16 June 2011 (UTC)
Escapist Magazine
They claim to have hacked it:
"Okay Escapist Magazine, let's play a little game..."
"Tango down: (link removed) *munches popcorn* wonder where the gamers are gonna run now."
"Primary Lulz Cannon is making toast of Escapist Magazine. The real disruption ammunition is secretly causing hell for their sysadmins. umad?"
"We're firing at Escapist Magazine with around 0.4% of our total ammunition. Let's see what their admins are made of - game is on, folks." The game (talk) 16:56, 14 June 2011 (UTC)
EVE Online
- "We just wiped out the login server for Eve Online, and it accidentally took their website out at the same time: (link removed)
The game (talk) 17:06, 14 June 2011 (UTC)
- Yea just heard about the EVE Online servers being down, can't confirm as they haven't said anything directed towards it being a hacking attack. Yet. To note though this whole article needs to make sure to differentiate between Hacking and DDOSing, there is a MAJOR difference and people tend to get the two confused. -75.150.195.86 (talk) 18:41, 14 June 2011 (UTC)
The EVE Online servers were taken down by the admins, not by Lulzsec DDoS: http://www.eveonline.com/news.asp?a=single&nid=4616&tid=1 ManicDee (talk) 02:13, 15 June 2011 (UTC)
- This is incorrect, do check the Eve Online news stating that there WAS a DDoS attack, also I reference Eve Online's own twitter in whic they stated there was an active DDoS attack, the result of such was taking down all of their services until they could resolve and prevent any further damage to the systems because of the LulzSec DDoS attack. + Crashdoom Talk // NekoBot OP 13:23, 16 June 2011 (UTC)
Referencing sources
Need to reference sources more - "Lulz Security (or simply LulzSec) is a computer hacker group that claims to be responsible for several high profile attacks, including the compromise of over 1,000,000 user accounts from Sony in 2011 of which only 37,500 were actually affected according to Sony. It has gained attention due to its high profile targets and the lighthearted messages it has posted in the aftermath of its attacks.". Where is the source of this information? — Preceding unsigned comment added by 82.42.144.53 (talk) 09:37, 15 June 2011 (UTC)
- Per WP:LEAD, the very first section of an article does not need to be referenced as it merely serves as a summary of the rest of the article. All of these facts are sourced in the main body of the article though. かんぱい! Scapler (talk) 13:07, 15 June 2011 (UTC)
Should this be included?
Lulzsec is claiming to have infected the computers of users of the 4chan /b/ board. However, there has been no independent confirmation of this and only this story. Worth putting in? かんぱい! Scapler (talk) 15:25, 15 June 2011 (UTC)
If so, it is probably an insignificant portion of their botnet. It could also be a false statement meant to incite. Since it can't be proven and there have been no releases related to it, I think it should be left out.--Dayyan (talk) 13:18, 16 June 2011 (UTC)
Edit request from TrueEon, 17 June 2011
This edit request has been answered. Set the |answered= or |ans= parameter to no to reactivate your request. |
A section describing how they have gone from grey hack to black hats need to be inserted. Explaing how they have gotten a hold of over 160,000 usernames and password and have then distributed this online twice. People have been taking these usernames and passwords to cause havoc and causing problems for users.
TrueEon (talk) 09:55, 17 June 2011 (UTC)
- Unfortunately, until the mainstream media begins to describe them as black hat, we cannot. We run on verifiability, not truth. かんぱい! Scapler (talk) 11:56, 17 June 2011 (UTC)
- Not done for now: As stated above, until we can get verifiable and reliable sources, e.g. the mainsteam media, we wont be able to edit it into the article. + Crashdoom Talk // NekoBot OP 12:00, 17 June 2011 (UTC)
The media doesn't even know how to coin the term properly let alone right anything decent. The have said they have exposed email addresses of 65K users. If we can't call them black hats then thats fine. Insert a section about how they have leaked user information and that Lulzsec followers have used that information to cause distress. TrueEon (talk) 14:49, 17 June 2011 (UTC)
- I had already done this. From the "later corporate attacks" section: "On June 16, LulzSec posted a random assortment of 62,000 emails and passwords to MediaFire. LulzSec states they released this in return for supporters flooding the 4chan /b/ board.[32] The group did not say what websites the combinations were for and encouraged followers to plug them into various sites until they gained access to an account. Some have reported gaining access to Facebook accounts and changing images to sexual content and others to using the Amazon.com accounts of others to purchase several books.[33]". We can discuss putting it under a different section, but the information is there. かんぱい! Scapler (talk) 18:28, 17 June 2011 (UTC)
Popular Culture?
NMA.tv has made a 3d rendering of the LulzSec story. Where should this be included? http://www.youtube.com/watch?v=udcnlLXUh8E --Dayyan (talk) 20:24, 17 June 2011 (UTC)
Twitter and LulzSec
It would be a nice addition to mention the permissiveness and collaboration of Twitter regarding their own rules and LulzSec: http://support.twitter.com/groups/33-report-a-violation/topics/121-guidelines-best-practices/articles/18311-the-twitter-rules — Preceding unsigned comment added by 79.147.249.245 (talk) 20:53, 17 June 2011 (UTC)
The Berrics Official Website Hacked
http://www.theberrics.com is currently hacked by lulzsec, which is the biggest skateboarding website in the world. There is suppose to be a BATB4 game of skate going on today but it's not going to happen due to the hack. In the website, there's a picture which shows the lulzsec boat which indicates they hacked the site. http://www.slapmagazine.com/component/option,com_jfusion/Itemid,4/index.php?topic=54135.0 — Preceding unsigned comment added by 75.74.25.110 (talk) 20:00, 18 June 2011 (UTC)
The Berrics Hacked By Lulzsec Screenshot
The famous skateboarding website was hacked this morning and still is, which won't let users enter the site. Here's the screenshot from the site which proves it ws hacked by lulzsec, someone please add this to the article. http://theberrics.com/img/splash/relaunch/hacked.jpg — Preceding unsigned comment added by 75.74.25.110 (talk) 20:14, 18 June 2011 (UTC)
Is wikipedia safe from LulzSec hackers?
Currently they are taking requests at twitter and some of them have been from disgruntled wikipedia users. I know that wikipedia has the latest protection software but as an internet giant its hard to say that every possible avenue is closed to these professional vandals. Maybe we should change the policy of calling undesirable edits "vandalism' as being called a vandal seems to create some animosity among our detractors. This is one of the internet heavyweights with more pages online than any other website I know of. I'm genuinely fearful of the impact such an attack could have on the internet globally. The collapse of one major bank caused a world recession. Hackers running the worlds largest information resource could lead to anarchy. Omegamaul (talk) 23:38, 18 June 2011 (UTC)
- The Wikipedia community thanks you for your concern but I personally dont feel its warranted. We unlike other internet heavyweights are run by a Non-Profit organization called the Wikimedia Foundation. If they like Freeware and Open-source software then I think hitting us would be counter productive in their own eyes. If they do hit us with DDoS attack then realistically what could We do but wait for it to be over? If they do they do... if they dont they dont... Wikipedia will still be here when the dust settles. The Resident Anthropologist (talk)•(contribs) 23:45, 18 June 2011 (UTC)
They claim that their attacks are strictly "for kicks" and don't appear too fussy about targets. The CIA is a non-profit organisation too and they seem to have effortlessly invaded that website. Arguably one of the most attacked websites in the world with state of the art systems operated by government hackers. Kind of ironic since the CIA routinely hacks personal computers. Omegamaul (talk) 00:55, 19 June 2011 (UTC)
- The kind of attack they have been performing upon request and have used against the CIA is what's called a DDos attack. It doesn't actually invade the site, it just makes it harder for people to access it for a while. It's like trying to access the internet while you are downloading a large file, and there are lots of ways to deal with this problem. So I wouldn't worry about the kind of attack they launched against the CIA, in all likelihood the worst it would do is slow the site down for a couple hours. While I don't want to taunt them, and they could prove me wrong, when it comes to Wikipedia I doubt they possess the technical sophistication necessary to implement the kind of attack that actually takes over systems or steals data, like the one they used against Sony. My impression is that Wikipedia's security is better than that of the targets they have taken over so far through methods like SQL injection. It's clear LulzSec is a cut above script kiddies but they aren't in the same league as those who undertook the Stuxnet attack. In short I wouldn't worry about it too much. Polyquest (talk) 04:24, 19 June 2011 (UTC)
Adrian Lamo link?
According to one report http://www.techunlimitedusa.com/2011/06/06/anonymous-pastebin-guest-exposes-lulzsec-hackers/ (and a google search will see multiple people saying the same thing) Adrian Lamo is the leader of lulzsec. I find the info slightly dubious though, because there is a lot of hate for Adrian Lamo given his despicable actions in the Bradley Manning case, so it could well be that people are linking him with lulzsec in order to encourage an attack against him. Any thoughts? Wikiditm (talk) 10:46, 19 June 2011 (UTC)
- I agree that this information is almost certainly inaccurate. I don't think the accusation should be added unless there is a really iron clad source. Polyquest (talk) 06:20, 20 June 2011 (UTC)
X-Factor Other Missing Parts
hy is the fact that they released the information of all contestants on the X-Factor not included on this? It was their first notable attack and got them mainstream media attention. Here's a reference if you need more help Reasons to Fear Lulzsec: Sites, Skills, and Slant.
Also, the group released what media accounts have described as a "manifesto" in honor of their 1000th tweet. It seems like this would be very relevant to the article. Sources, along with multiple interpretations: LulzSec Manifesto: More Sec Than Lulz and manifesto: "We screw each other over for a jolt of satisfaction". I suggest anyone editing this article read the complete statement on their website: - 1000th tweet statement.
Also, this article from the Guardian has some extremely notable and relevant information in regards to the Government's response to their Senate hack attack: Senate orders security review after LulzSec hacking. Some parts that should absolutely be added:The attack caught the attention of the Sergeant at Arms and, according to John Bumgarner of the thinktank US Cyber Consequences Unit, may have political ramifications: "They're all valid directories," he said after looking at data that Lulz posted online. "This is an especially embarrassing incident for the US Senate, because they are often asking others to explain why their cyber security programmes have failed."
- You are absolutely correct; this should all be added. Unfortunately, I do not have the time right now, but I will see what I can do later tonight. How do people feel about the manifesto being placed under some kind of "ideology" or "motivations" section? かんぱい! Scapler (talk) 22:36, 19 June 2011 (UTC)
- An ideology section would be awesome. I think there are finally enough sources to write it. Polyquest (talk) 01:22, 20 June 2011 (UTC)
- The ideology section you've added looks great Scapler. I think this article is good enough now to be promoted to a C class article. Polyquest (talk) 06:03, 20 June 2011 (UTC)
- Yeah, I think that I fleshed it out enough to be a good section. I also added the X Factor thing to the hack section as well as its prior mention in the overview section and a reference to an ATM user list they announced before the media picked them up. The article is really coming around. I will look at expanding the Senate section later, but for now it is three in the morning where I am, so I'm calling it a night. かんぱい! Scapler (talk) 07:02, 20 June 2011 (UTC)
- The ideology section you've added looks great Scapler. I think this article is good enough now to be promoted to a C class article. Polyquest (talk) 06:03, 20 June 2011 (UTC)
- An ideology section would be awesome. I think there are finally enough sources to write it. Polyquest (talk) 01:22, 20 June 2011 (UTC)
Pro-LulzSec bias
The Ideology section currently starts out with: "Lulzsec does not hack for financial profit."
How do we know that is true? We have an anonymous, secretive organization who ridicule people and companies, publish passwords, and take responsibility for hacks that are illegal and have caused many people pain and annoyance. Oh, and they take contributions and claim the funds will be used to hack. Anything here suggest LulzSec statements should be taken as honest and accurate?
By the way, the cited article for that statement says "LulzSec doesn't appear to be hacking for illicit profit" — so the statement is not justified by the citation. Two qualifiers ("appear" and "illicit") were removed when the statement was moved to Wikipedia.
There are other similar statements in the Ideology section that need to be qualified. 64.196.219.122 (talk) 15:38, 20 June 2011 (UTC)