Talking LulzSec/Anonymous vs PayPal on TripleJ’s Hack

On Wednesday afternoon, LulzSec and Anonymous joined forces to encourage people to boycott PayPal by withdrawing their money and closing their accounts.

The back story is that PayPal had cut off WikiLeaks’ account, meaning that people could no longer donate money to WikiLeaks via PayPal. Anonymous launched distributed denial of service (DDoS) attacks against PayPal. Last week the FBI and others arrested people alleged to have been responsible for those attacks. So this week, the boycott of PayPal.

The joint statement by LulzSec and Anonymous makes for interesting reading. It describes DDoS attacks as “ethical, modern cyber operations”. Such things are actually criminal acts, despite what Anonymous may imagine the law to be. “Law enforcement continues to push its ridiculous rules upon us,” they write, when it’s not law enforcement who makes the laws, but governments.

The call for the boycott was unfolding as Triple J’s current affairs program Hack was going to air, and I phoned in a report. Here’s the audio.

I found it interesting that presenter Tom Tilley responded to my comment that DDoS is a crime by saying “Yeah I imagine there’d be people with lots of different points of view about what they’re doing and whether it’s indeed lawful.” Personally I reckon the law in this is pretty clear. Pandering to their audience?

The audio is ©2011 Australian Broadcasting Corporation. It has been extracted from the full program audio [MP3].

LulzSec vs Murdoch: the lessons, and what’s next?

LulzSec’s hack of The Sun and other UK websites belonging to Rupert Murdoch’s News International yesterday was one of the highest-profile infosec breaches in history. But will it mean anything beyond today’s news cycle? I suspect not.

(If you’re not up to speed on this, please read my initial summary for CSO Online or a shorter but fresher story for Crikey.)

As I thought about this overnight, and after chatting with Paul Ducklin from information security vendor Sophos, I came to the conclusion that despite all the media coverage yesterday nothing will change.

I wrote that up as an op-ed for CSO Online, Four lessons from LulzSec vs Murdoch.

We’ve seen hack after hack after hack, but civilisation has stubbornly refused to crumble. We’ve cried wolf a few hundred times too often. We’re experiencing what Paul Ducklin from Sophos calls “hack fatigue”.

We only hear about successful hacks, from LulzSec or anyone else, Ducklin told CSO Online. “They can crow about every time they have a success,” he said, “but you never hear about the sites they never broke into.”

And the idea that LulzSec’s high-profile hacks will suddenly focus attention on organisations’ information security vulnerabilities? Bah. We’ve been flooded with media reports of high-profile hacks for the last few years, from NATO to Paris Hilton, Google to prime minister Gillard.

After all those stories we held urgent meetings, changed our ways, and put infosec at the top of the business agenda, right?

Yeah right.

So now what? I’ll put my money on LulzSec being forgotten until their next high-profile attack, or their arrest.

[Picture: Early this morning Australian time, LulzSec tweeted: “The Sun taken care of… now what about the moon…”, linking to that image (source unknown). Is it a hint? Or a meaningless distraction?]

Talking hacker arrests on ABC’s “The World Today”

While I was busy writing an op-ed on the LulzSec vs Murdoch saga this morning — and I’ll post more about that momentarily — I got a phone call from ABC Radio’s lunchtime current affairs program The World Today to comment on the FBI’s arrest of alleged Anonymous-connected hackers overnight.

The story is TransAtlantic arrests target hackers, and if you click through you’ll get both transcript and audio. You’ll hear me, as well as Patrick Gray, presenter of the Risky Business podcast on information security. The reporter is Sarah Dingle.

I’d be interested to know what you think of these arrests.

Patrick reckons they arrested nobodies.

This current batch of arrests will “bring to justice” a bunch of people who made no attempt to conceal their actions because they’re either technically useless or just didn’t care.

They’re “low hanging anons”.

But that won’t stop the mainstream media from portraying this as the establishment striking back at online troublemakers.

I reckon that while that may or may not be true, the computers the FBI has just seized will be handy evidence when it comes to tracking down other culprits. After all, their operational security has hardly been world class.

Talking LulzSec vs Murdoch on ABC 774 Melbourne

I knew as soon as I posted my CSO Online and Crikey stories about the hack of the News International websites including The Sun this morning that I’d be asked to do some radio spots.

If you missed the story, this morning I posted a screenshot of the fake story posted on The Sun.

Sure enough, this afternoon I chatted with Lindy Burns on ABC 774 Melbourne. And here’s the audio.

The audio is ©2011 Australian Broadcasting Corporation, but it hasn’t been posted on their website so here it is. In return, I reckon you might choose to listen to Lindy Burns’ drive program some time soon.

I also spoke with Bernadette Young on ABC Gold Coast, but my phone kept dropping out. I did record the audio, but it covered much the same territory. Would you like me to post it?

LulzSec claims to hack The Sun: screenshot

High-profile hacking collective LulzSec is currently claiming to have hacked UK newspaper The Sun and redirected its home page to a fake story about the suicide of Rupert Murdoch.

While The Sun was looking just fine to me, there was certainly a story inserted into a News International website.

The screenshot shows the page at www.new-times.co.uk/sun/ as of about 0730 AEST this morning.

Gizmodo is currently saying the home page was hacked, but they’re also saying the hack was done by Anonymous. That’s journalism right there.

At 0815 AEST LulzSec then claimed to have redirected The Sun home page to their Twitter feed. I’ve just confirmed that to be true.

Since I write about information security, it looks like I’m in for a busy day. I’ll update this post as things unfold.

[Update 0910 AEST: I’ve had many witnesses confirm that The Sun’s home page did indeed redirect to the fake story. I will assume for the moment that the Next G mobile broadband I’m currently using is cached to buggery.]

[Update 1015 AEST: My story at CSO Online has just been published, LulzSec hacks UK’s “The Sun”, News International. Meanwhile, a few minutes ago LulzSec claimed that “News International’s DNS servers (link web addresses to servers) and all 1,024 web addresses are down.”]

[Update 1235 AEST: The consensus seems to be that News International has taken itself offline. There has been no further activity from LulzSec, apart from more of their trademark cocky tweets.]

[Update 1415 AEST: My Crikey story is now online, LulzSec 1, Murdoch 0: News Int, the hacker, becomes the hacked.]

[Update 1840 AEST: I’ve just posted audio of my interview with ABC 774 Melbourne on this story.]

Weekly Wrap 55

A weekly summary of what I’ve been doing elsewhere on the internets. If last week was a bit thin, this week more than made up for it — and as I noted yesterday, I’m knackered.

Podcasts

  • Patch Monday episode 93, “Are we missing the bus on Gov 2.0 data?” A popular Sydney Buses app died when Sydney Transit cut off the data feed after just a few weeks, citing lack of server capacity. Developer Ben Hosken is disappointed, but he’s more concerned that developers aren’t making enough use of the government data on offer. I also speak with developers Benno Rice and Adrian Chadd.

Articles

In addition to these, I wrote a fifth piece for ABC’s The Drum, but that hasn’t been published yet. And there’s a couple of pieces I’ve been working on that I must finish and file tomorrow.

Media Appearances

I did five radio spots this week, which is a record I think. Well, except for when I worked full time in radio, obviously.

  • On Tuesday I spoke with Louise Maher on ABC 666 Canberra about the photographic project Everyday Photographs, Extraordinary Journeys, which I inspired. Well, partly inspired.
  • On Thursday morning I spoke with Adelaide radio 1395 FIVEaa about the National Broadband Network. I’ve already posted the audio.
  • A little later on Thursday morning I spoke on ABC Radio National’s Life Matters about the current state of play in information security. I’ve already posted about that.
  • While I was talking live on Radio National, ABC North Coast NSW broadcast an interview with me about Facebook and Social Media that had been pre-recorded. Alas, I don’t have a copy.
  • On Thursday afternoon I spoke with ABC 774 Melbourne about Bitcoin, a digital currency. And I’ve posted that audio too.

Corporate Largesse

None. We’ll have to fix that. Dear PR Operatives, my junket calendar for July is empty. You know what to do. I prefer an aisle seat.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream. The photos also appear on Flickr, where I eventually add geolocation data and tags.

[Photo: The afternoon sunlight can be fierce at The Grand View, an image taken in The Grand View Hotel, Wentworth Falls, yesterday.]