17 comments

[ 1.9 ms ] story [ 46.4 ms ] thread
Is this the beginning of world war 3?

So the past couple of weeks I can remember the following sites getting pwned:

All Sony sites. GMail. The I.M.F. Citibank Pron.com Nintendo Epic Games Senate.gov

From all the high profile services hacked one can start making the following hypothesis:

> There's a major hole in the linux kernel or OS and they're just having so much fun with it.

> They have infiltrated all of these organizations and have people from within opening the doors

> They are the X-Men of hacking

> They're the Chinese government X-Men of hacking

> Or security on all of these websites really sucks

(Keep adding your hypothesis)

> Or security on all of these websites really sucks

Most plausible hypothesis

> Or security on all of these websites really sucks

Ding ding ding, we have a winner. I know nothing about the specific cases here, but web security is generally a joke. Very, very few companies take it seriously and have a proper security methodology. Without this, it's like stealing candy from a baby... with no arms or legs.

> Or security on all of these websites really sucks

Yup. The status quo / baseline of security online is terrible.

Slashdot rumor has it they've got themselves an Apache 0-day, but other hypothesizes have then SQL injecting or otherwise exploiting the webapps themselves.

Either way, the rate of attacks in the world hasn't changed, just these guys have gone back to the old way of yelling about what they accomplish rather than remaining silent.

Their data-dump attacks have been by SQLi, I think; they generally publish the URL of the vulnerable input in their release.

They're using other means to root machines, though. My guess is that anybody that took the right classes in college could be doing exactly what they're doing now.

This incident is much less of a big deal than any of the others, since (having looked at the actual files they accessed) there's nothing even slightly sensitive or even interesting in there.

    Is this the beginning of world war 3?
If it is, it would be the stupidest reason for going to war, ever.

Not that an assassination or bogus claims of WMD or the slicing of a captain's ear are any less stupider, but wouldn't it be funny if WW3 would start because of an April 1st joke done for the lulz?

what I meant was that this is how WW3 is done, online.
They're pointing out what many of us have observed for years in our work-a-day lives.

I used to try to point such problems out to responsible parties, when I'd come across them in my work or personal affairs. Most often, at best I received complete indifference. As often as not, I received hostility.

Mind you, I didn't hack anything. Just told a product owner or officer 'you have a problem here, with this (specifically this), that you might want to take look at'. For the sake of your customers. For the sake of the/your business's reputation, not to mention risk exposure.

I have very little sympathy for many of the people/agencies currently falling "victim". Especially not considering the budgets at their disposal. Where they are not outright incompetent, they've been practicing willful ignorance.

And then, we get yet more draconian laws as a lame, but destructive, attempt at a compensation mechanism.

Do your fucking jobs. Don't legislate (or "black ops") a "three monkeys" burden for the rest of us. The responsible parties (and not just "the techs") should be fired for nonfeasance, if not misfeasance or malfeasance.

So add to the list CIA.gov

WW3 is fought on the internets.

> It's our own government trying to create the illusion of a new terrorist threat, a new excuse for laws to control the internet (a-la Sarkozy).
The second comment there (and the people agreeing with it) are the real problem. They actually think things are more secure if nobody talks about them being insecure. They're more worried about troublesome security issues than the safety of their own information.

So I'm going to solve their problems: If it ever comes to a point that internet services are too hard to use because of the necessary security measures, I will happily create a low-security site of the same type. You can give me your info and money and I will happily hold it on my insecure site so that it's easy for you (and everyone else) to access.

Problem solved.

They also asked Bernacke(FED Resrve Chairman) to resign via anonymous..
Hacking US Senate website != Hacking the US Senate (period)

That's the real lulz!