Collateral Damage: In The Hunt For LulzSec, FBI Takes Down A Bunch Of Websites

from the making-omelets dept

As a bunch of folks have been sending in, the FBI raided a data center in Reston Virginia, seizing a bunch of servers and taking a bunch of sites offline (including some big names). This isn’t — as some suggested — quite the same thing as the infamous ICE domain seizures. This sort of thing does happen from time to time, when law enforcement is seeking actual information on a server which is part of a larger criminal investigation. That said, it always amazes me how much collateral damage law enforcement does in these situations, when it seems like they could definitely be a lot more targeted. Even worse, the reports claim that the FBI is actually trying to chase down the loose hacker collective LulzSec, which seems like a waste of time. Frankly it seems like the FBI must have something more important to work on. That said, it does seem somewhat ironic that in trying to track down a group that has been taking down (somewhat random) websites, the FBI has also taken down a bunch of websites, including the popular blog network Curbed, and parts of the super popular utility Instapaper.

Filed Under: , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Collateral Damage: In The Hunt For LulzSec, FBI Takes Down A Bunch Of Websites”

Subscribe: RSS Leave a comment
104 Comments
Anonymous Coward says:

“Frankly it seems like the FBI must have something more important to work on”

I don’t know about that. Major hacks, international attacks aimed to steal millions of credit card numbers, to hack into secure systems, and cause millions of damages seems like a pretty good thing to be working on.

Perhaps parts of the “popular blog network” were being used to guide the hackers. Do you know anything?

Anonymous Coward says:

Re: Re:

You are such a tool.

“aimed to steal millions of credit card numbers, to hack into secure systems, and cause millions of damages”

They caused no damages. Would you rather they had sat on the credit card numbers and sold them rather than release them? At least the people had fair warning.

‘Perhaps parts of the “popular blog network” were being used to guide the hackers.’

The stupidity of this sentence doesn’t warrant an intelligent or direct response.

Anonymous Coward says:

Re: Re: Re:

Um, they are spending their time looking for the group. Getting access to the websites to look for clues is just one of the ways. And along with the FBI, the UK police caught a person who they think is one of the ringleaders of the entire operation, Ryan Cleary. Now wether or not he is one of the members of the operation, it still shows that the FBI is actually interested in tracking down the group, and not just “taking down random websites”.

cc (profile) says:

Re: Re: Re: Re:

The thing is, they don’t need to take down ANY websites to “look for clues”. They could have imaged the servers and walked out, but noooo that would have been too easy.

Also, the guy arrested in the UK is apparently just some kid that was running an IRC server that Lulzsec and Anonymous used from time to time. He was hardly a “ringleader” or even someone who would know the ringleaders.

Tbh, I bet they are all hiding using Tor, so the only way to track these people down is if they slip up in a big way.. like brag about the hacks on their Twitter or give out their personal info on IRC or something.

Anonymous Coward says:

Re: Re: Re:2 Re:

The reality is that groups like this are mostly one or two leaders trying to hide themselves in a crowd of willing script kiddies. They will claim to have no leadership, but it’s always the same people leading the way or guiding the situation.

When it gets out of hand, the brains leave to form a new group. That is why lulzsec is an offshoot of anonymous, which is an offshoot of 4chan. When the brains no longer control the masses of kiddies, they move on.

This guy is probably pouring his guts out right now, crying like a little baby hoping that he doesn’t spend 40 years in a federal butt slammin’ prison.

Gwiz (profile) says:

Re: Re: Re:3 Re:

The reality is that groups like this are mostly one or two leaders trying to hide themselves in a crowd of willing script kiddies. They will claim to have no leadership, but it’s always the same people leading the way or guiding the situation.

Really? That’s not what I have read concerning these groups.

Do you have some sort of citation for that or are you just going on the same assumptions of the government agencies who think all groups are organized in a top down fashion because they are incapable of thinking outside the box?

Anonymous Coward says:

Re: Re: Re:4 Re:

I think you are falling for the sort of cover they are looking for. Why does a celebration of a sporting team winnings (or losing for that matter) turn into a riot? A few people in the crowd came looking for the crowd to cover up for their activities. They encourage others, and you have a tipping point.

lulzsec and anonymous and so on are really run by a very small group of people, with plenty of little splinter groups. The people at the top of the pile want the coverage that the masses of script kiddies offers to them. They can operate better when the police are spending their time tracking down 15 year olds running low orbit software.

It’s the nature of the game. Something like this doesn’t just happen as the will of a crowd, we are not the borg. There is always someone or a group of someones leading the pack.

MrWilson says:

Re: Re: Re:5 Re:

I’m still waiting for a citation. You’re saying that this pattern is consistent in groups of disparate types, like sports hooligans and hacking groups. While crowd dynamics may tend to seem to work a certain way that you can observe, there’s no definite paradigm for how each individual group will operate and there’s little public evidence from which derive observations as to how Lulzsec operates or what kind of leadership hierarchy it might have, if any. You’re trying to assert your observation as some sort of fact. The truth is, you don’t know. And I don’t know. And likely many people operating in Lulzsec or participating in a sports riot don’t know how the group operates exactly or why the riot got started.

Gwiz (profile) says:

Re: Re: Re:5 Re:

It’s the nature of the game. Something like this doesn’t just happen as the will of a crowd, we are not the borg. There is always someone or a group of someones leading the pack.

I am still not convinced. Consensus of a group does not require leadership.

And why do you keep characterizing these groups as made up of mostly “15 year old script kiddies”? Personally, I’d think the demographic must be somewhat older than that. What 15 year old wants their their computer privileges taken away over a social issue they probably don’t really care that much about?

Anonymous Coward says:

Re: Re: Re:6 Re:

The answer is “they think it’s cool”.

The last round of anonymous busts pretty much all came up with minors and college freshmen, most of the raids were on Mom’s basement. It was absolutely hilarious.

Even in a group there are leaders and their are followers. It’s human nature. We don’t work well as groups of equals, we work better in a hierarchal setup, with leaders and followers. Even if it isn’t out intention to end up that way, it is human nature.

PaulT (profile) says:

Re: Re: Re: Re:

Ah, going to your own blind assertions rather than facts again, I see?

“Getting access to the websites to look for clues is just one of the ways.”

Which doesn’t require taking them down, especially not in the numbers being talked about here. From what I’ve read, they’ve taken down entire racks because a site they wish to access is located on one of them, taking down numerous sites that have had nothing to do with the group. According to the linked article, they did this even though they were informed exactly where to find the individual servers they suspected of being involved, they just took the lot down anyway.

“the UK police caught a person who they think is one of the ringleaders of the entire operation, Ryan Cleary.”

So you don’t believe in innocent until proven guilty, right? AFAIK, we won’t know until this afternoon exactly what he’s being charged with, but the group itself has issued statements saying that he’s only involved so much as far as they use one of his sites along with many others.

Far from a ringleader, he seems to be only tangentially affiliated with the group, and my personal suspicions are that the threat of prosecution is only being made to try and pressure him into giving up the identities of other members (which, of course, he may well not know). I await the facts with interest, but so far they don’t seem to be pointing in the FBI’s favour.

All we have so far are allegations and suspicion, yet you treat those as fact. We’ll see how far this goes and whether anybody else will be prosecuted, but this hardly justifies the collateral damage being done.

ClarkeyBalboa (profile) says:

Re: Re:

I don’t disagree that the FBI should be investigating these attacks, but it will be interesting to see if anything actually comes of it, not to mention finding out the collateral damage caused in the hunt for lulz.

I would love to see groups like Anon and Lulz build an actual legal business around hacking. They are showing with amazing speed just how vulnerable and outdated alot of sites are, sites which collect enormous amounts of personal data from their customers. Exposing those vulnerabilities could be really good in the long term if it means that companies with a large internet presence / community are required to actually respect their clients information and be on constant vigil against attacks.

Anonymous Coward says:

Re: Re: Re:

Actually, it appears that all these script kiddies are doing is running against standard known holes of various operating systems and software packages, and using that to claim massive victory.

The truth is they are dunderheads for going after high profile targets, it makes them look bad and makes them a high priority target for law enforcement.

Someantimalwareguy says:

Re: Re: Re: Re:

The truth is they are dunderheads for going after high profile targets, it makes them look bad and makes them a high priority target for law enforcement.

Actually, the truth is that Lulz and Anon are not the ones you should be worried about; it is the ones who you never see that should be keeping you up at night. Lulz and Anaon are attention seeking and narcissistic which will make it easier to round them all up eventually. The real hackers, who leave little if any trace while having extracted even greater amounts of information with completely opaque agendas should be the focus of LE’s attention and priority.

JMHO

Jeremy7600 (profile) says:

Re: Re: Re: Re:

Duh. That is exactly the victory Lulzsec is interested in.

The sites AREN’T SECURE. That’s the entire point from day one. They are making it abundantly clear that the sites need to be hardened more than they think/assume they are. They are showing people that you shouldn’t just trust a big name company with all of your info/data because if they don’t execute due diligence your data is as good as open to everyone.

It doesn’t make them look bad, it makes the sites they’ve taken down look bad.

Not to mention, they’re doing it for the Lulz

http://lulzsecurity.com/releases/1000th_tweet_press_release.txt

Anonymous Coward says:

Re: Re: Re: Re:

You’ve reached the crux of the matter. Institutions that collect details of millions of people do not have any sort of competent security against simple SQL injection attacks. I would posit that many of these companies would have been attacked eventually by even less scrupulous people and we would have never heard about it. That situation is even worse than what LulzSec is doing.

Jeni (profile) says:

Re: Re: Re:

Well said!

As far as the info they’re sharing – do I sense some are implying “3rd party responsibility” against Lulz here?

Because just putting it out there to show security breaches does not give anyone the RIGHT to use it for any means whatsoever and a law abiding citizen knows this.

Anyone who does misuse the info should, of course, be held accountable for THEIR misdeeds.

Just for the record and the “love-to-spew-hate” perps, I do understand the shock and horror anyone feels at finding out their passwords have been exposed. I would feel the same way – but would be upset with the entity who allowed it to happen, not Lulz.

Mike Masnick (profile) says:

Re: Re:

So the FBI shouldn’t be worried about a hacker group that takes down websites, like cia.gov, and spreading thousands upon thousands of people’s personal information across the internet, including credit card information? Please enlighten me..

There are all sorts of very serious hacker teams with serious malicious intent to steal credit cards and make money. I have no problem with seeking those guys.

LulzSec are making a statement. They’re getting attention, but they’re not really causing much harm. In the grand scheme of things, it seems like focusing on Lulz is missing the point in a big bad way.

Anonymous Coward says:

Re: Re: Re:

Missing the point indeed. The posts i’ve seen “They’re making a point with YOUR information”, “Most security analys companies follow a code…. once they find a security flaw, they let the company know first before they release it so the can fix the problem” Enough is enough. Lulzsec is showing you, me, and everyone how unsecure our data is. What would you rather have? A malicious hacker group breaking in and stealing all of your credit card data, and actually USING it in a bad way? Or a group like lulzsec doing it for the lulz and embarrassing these companies that need to take our data more seriously? Stop babying these companies that allow these flaws, crack down on them, and yes EMBARRASS them if you must to protect OUR data.

Anonymous Coward says:

The problem is that Lulz has committed an unspeakable crime...

…they have embarrassed people in power. So even though in terms of the actual threat they pose, they’re negligible (garden-variety spammers do far more damage every day than Lulz has combined, to date) they must be pursued with high priority in order to prevent the further discomfort of those holding the FBI’s leash.

senshikaze (profile) says:

Re: The problem is that Lulz has committed an unspeakable crime...

yes. I really wish we could get rid of all spammers across the globe. I am fairly sure that it would speed up the internet in general. But we can’t really do anything with this whole “free speech” and international treaties and such.

Our business has over 20,000 dropped (spam) emails a day. over 120,000 a week (over the weekends, rates drop). Assuming the average size is 50KB (rather large), that is over 1GB of useless internet traffic hitting our router(and mail filter) a day. It is a shame.

senshikaze (profile) says:

Re: Re: The problem is that Lulz has committed an unspeakable crime...

I looked at our spam filter, and I was wrong about the numbers:
We block over 30k a day, a little over 200k a week, and 800k a month.

To put that in perspective: our spam firewall let only 35k messages through in the past 30 days. Out of 797k total messages incoming.

Spam is a disease.

John Doe says:

Re: Re: Re: The problem is that Lulz has committed an unspeakable crime...

Spam is a disease.

I couldn’t agree more, but free speech and international treaties have nothing to do with it. It just isn’t stoppable. Yea, filters are pretty good at stopping it now, but stopping it from ever being sent is near impossible.

Huph (user link) says:

Re: Re: Re:3 The problem is that Lulz has committed an unspeakable crime...

I have heard, though I don’t know that there’s any real substance to the claim, that charging a very small fee per email would put an end to most spammers. Something around hundredths of a cent which the average email user wouldn’t notice, but enough that it would be unprofitable to send out hundreds of thousands (millions?) of emails each month.

I’ve heard the return rate on spam is very very small, but enough that if you cast a big enough net you stand to profit. Screw spam filters, just make it unprofitable to cast a huge net.

I’m not sure how that would apply to a service like Gmail, since those charges couldn’t be rolled up into a monthly ISP bill. But this is all speculation on my part anyway.

aerilus (user link) says:

Re: Re: Re:3 The problem is that Lulz has committed an unspeakable crime...

isp already do implement more than you know

https://secure.wikimedia.org/wikipedia/en/wiki/E-mail_authentication

the problem is that dns is trusting meanign that every little domain need to implement controls in order to not be subject to phishing attacks then massively sending spam one of the better solutions that is out there is https://secure.wikimedia.org/wikipedia/en/wiki/Sender_Policy_Framework

unfortunately or I guess in a larger since fortunately the internet is still a open space where everyone can participate meaning everyone can to damage. stopping spam is possible like stopping crime is possible by a police state

dj haras says:

You all are goofy

Credit card info, addresses, e-mail, Social Security number, so what? I’m not a hacker and even I can get that info rather easily. Do you know who you can thank for that? Google because it’s all there. As for CC info, it’s all fiat currency. IT HAS NO VALUE albeit may damage your credit score (OOOOOOH, SPOOKY!!!). You can all have my SS# 619-31-0922 since SS won’t be around when I get older. aMErican need to grow a pair and take a damn chance at regaining our country back from these corporate-bought gov’t lackeys. STOP BEING SHEEPLE!!!

ltlw0lf (profile) says:

Re: Re: Re: You all are goofy

Maybe “dj haras” is 9 years old.

Not necessarily. I didn’t apply for or receive a Social Security Number until I was 15 years old. Since 1990, parents apply for SSNs for their children up to 1 year after birth, and this is now required by law, which I personally believe should be illegal and the child should apply for it when they first go for a job or become elegible to pay taxes or receive benefits. There are several examples of parents fraudulently using their children’s SSNs. If dj haras was born before 1986, and didn’t need it until 2002, he could have been granted that particular number.

A.R.M. (profile) says:

Get off my lawn, you damn kids!

Back when I was a much, much younger programmer, the “hacks” to break into systems were much easier and I was approached to develop a system to “keep The Man in line”. I refused, because if I had an issue with “The Man”, I sure as hell wouldn’t hide behind an “anonymous” shield. I’d make sure they knew my name.

In reading all these attacks, it breaks my heart people have become too cowardly to stand up for themselves, especially in the arena of trying to get others to do the same.

If people stood together, they could take class-action suits against companies trying to cheat them or partake in inappropriate actions. Pooling the funds for legal recourse is much better than one trying to fight alone.

I get people are upset over this stuff, but taking their issues out on innocent people, who use these accounts, is bulllshit.

If anyone from Anonymous or LulzSec is reading this, perhaps you consider this before pretending you’re fighting against “The Man”.

In my eyes: you come off more a coward than a defender of rights. Those who defend want their name known.

Just my two cents.

SomeGuy (profile) says:

Re: Get off my lawn, you damn kids!

In reading all these attacks, it breaks my heart people have become too cowardly to stand up for themselves, especially in the arena of trying to get others to do the same.

I take a different view — these anonymous acts aren’t a sign that people have become cowardly, but indicative of how the world has changed. People can’t take a stand for themselves because the playing field isn’t level, and these anonymous attacks help put them back on even ground. I don’t necessarily agree with their tactics, but I can sympathize to some extent.

If people stood together, they could take class-action suits against companies trying to cheat them or partake in inappropriate actions. Pooling the funds for legal recourse is much better than one trying to fight alone.

Unfortunately, I don’t think that’s true. Even if you can assume an unbiased judge (which I don’t think is a safe assumption), regular people do not have the resources necessary to fight a real legal battle against their new oppressors — not effectively, at least, not in a way that will bring lasting change. Recent history has shown that, at worst, Goliath will get a slap on the wrist and the “winners” will each get $8 retribution for their troubles. Nevermind that Goliath has multi-million dollar legal council on retainer, and the people have to tighten their belts and pool their money to scrape up any kind of representation. It’s not a fair system.

I get people are upset over this stuff, but taking their issues out on innocent people, who use these accounts, is bulllshit.

I agree, though in a way making the apathetic feel pain is a good way to motivate them into awareness. To say LulzSec is doing that intentionally is giving them too much credit, I think, but I think it’s fair to say that they are drawing attention to the things that are going on.

If anyone from Anonymous or LulzSec is reading this, perhaps you consider this before pretending you’re fighting against “The Man”.

In my eyes: you come off more a coward than a defender of rights. Those who defend want their name known.

Yeah, think of the heroes of legend: Batman, The Lone Ranger, Zorro. They all recognized that credibility came from your words and identity, not your actions, especially not when those actions run afoul of the established law of the land.

Just my two cents.

Anonymous Coward says:

Re: Re: Get off my lawn, you damn kids!

“Those who defend want their name known”

And in joyous convergence those who they might be defending against also want the names and addresses of the defenders known.

Of course whether anonymous or lulzsec actually are defenders of any kind is another matter.
At least the CIA publish the names and addresses of all their agents, because they have balls. (Possibly yours and possibly in a vice but balls none the less)

Anonymous Coward says:

Re: Re: Get off my lawn, you damn kids!

Agree, especially on cowardice accusation. The word “coward” has been diluted recently and is used too liberally.

Especially I was puzzled why 9/11 terrorist attack was “cowardly” as it was put by officials. It was wrong on many other levels, but calling those people “cowards” for scarifying their lives for their beliefs, wtf?

Anonymous Coward says:

Re: Re: Re: Get off my lawn, you damn kids!

Especially I was puzzled why 9/11 terrorist attack was “cowardly” as it was put by officials. It was wrong on many other levels, but calling those people “cowards” for scarifying their lives for their beliefs, wtf?

Yeah, suicide bombers are “cowards”, while people pushing buttons to launch cruise missiles from 8000 miles away are “brave heroes”.

Anonymous Coward says:

Re: Re: Re:2 Get off my lawn, you damn kids!

If you think it’s cowardly to attack unarmed civilians, then I think you could call the 9/11 attacks cowardly.

The US government says the 9/11 attacks were an attack on the US. The US isn’t exactly “unarmed”, it has the world’s largest and most powerful military. There simply is NO stronger or heavily armed enemy that they could have picked.

Anonymous Coward says:

Re: Re: Re:2 Get off my lawn, you damn kids!

I never intended to start a 9/11 flame, my point was purely linguistic, maybe psychological: we tend to insult villains (or allies) indiscriminately, just for the sake of insult. Goebbels was an evil man, but can you call him “dirty and stinky”? In my old-fashioned vocabulary (and Merriam-Webster agrees) coward is “one who shows disgraceful fear or timidity”. Agreeing that this word is an insult, and that some people deserve insults, I prefer not to use random words for this purpose.

ComputerAddict (profile) says:

Re: Get off my lawn, you damn kids!

“In reading all these attacks, it breaks my heart people have become too cowardly to stand up for themselves, especially in the arena of trying to get others to do the same.”

Anonymous isn’t about being unnamed, it describes the ad-hoc unstructured nature of the group. There is no leader, there is no peon, It’s not “one trying to fight alone” it is in fact the opposite. It is a group taking unanimous collective action.

John Doe says:

Re: Get off my lawn, you damn kids!

In my eyes: you come off more a coward than a defender of rights. Those who defend want their name known

I just visited Philly and they have a treasonous document on display with lots of names, one in particularly large print. For the life of me, I can’t remember what that document was. The interesting thing is how proud we are of our treason in the past, but now would gladly lock anyone up and throw away the key who would dare speak out like this today.

Anonymous Coward says:

1) What exactly should the FBI be worried about then? Tracking down a group of people that are compromising websites out in the open and running a campaign encouraging others to do the same seems right up their alley, actually.

2) Has the FBI even come out and said what it was they were looking for yet? That article eludes to it, but everything I’ve read so far says they’ve made no official comment. It’s not a stretch to connect the hunt with the seizure, but it’s also not exactly fact yet. After all, the FBI has a lot of agents, and probably work on more than 1 case at a time.

Anonymous Coward says:

“…the FBI raided a data center in Reston Virginia, seizing a bunch of servers and taking a bunch of sites offline (including some big names) …. That said, it always amazes me how much collateral damage law enforcement does in these situations, when it seems like they could definitely be a lot more targeted.”

I don’t understand why they can’t get information from the sites without taking them down?

“That said, it does seem somewhat ironic that in trying to track down a group that has been taking down (somewhat random) websites, the FBI has also taken down a bunch of websites”

So maybe the group can use this to their advantage by figuring out ways to encourage the FBI to take down sites for them.

Wulfman (profile) says:

I run an IRC server and have for the past 12 years. We do not monitor chat and keep no connect logs. This search kinda scares me. http://www.pcworld.com/article/230852/despite_arrest_lulzsec_sails_on.html#tk.rss_news

As the article states this person was arrested and it seems his only crime was hosting an IRC server that Luszsec had a chat room on. They grabbed the server looking for chat logs ?
Most servers do not log chat but i have been told there are a few that logging can be enabled on.
At least here in the US we have a 1st amendment right to talk freely…….. or do we?

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...