Ask HN: How do Anonymous and Lulz hack so many sites?

11 points by jason_slack ↗ HN
I'd like to ask how does Anonymous and Lulz gain access to so many systems? Obviously this could be due to unpatched systems, weak passwords, poor security, etc but are they really doing anything advanced to gain access?

I have to wonder with proper security practice would as many of these hacks occur?

Are these places running proper firewalling?

Are they running vulnerable services like SSH on an obscure port?

Are their database servers more exposed than they should be?

Are they using horrible passwords?

Do they not review logs?

Get what I am asking? I mean for even my home internet circuit I run a dedicated firewall, dont run ssh on 22, deny everything except what I need.

Can anyone provide any thoughts?

10 comments

[ 2.9 ms ] story [ 27.8 ms ] thread
Most of what I've seen has been via SQL injections in badly coded sites.
they are a group of very educated hackers with alot of time to gdb widely used applications running suid root. They do not publish their remote exploit Intel... aka blackhats, and their ambitious. That in itself with motives to prove a point is dangerous, these guys are not careless, very organized and strike all at once.
doubt doj and government sites ignore SQL issues, I could be wrong but I'd find that odd
All of the above, and more. For example, in the HBGary hack, they used a combination of SQL injection to expose passwords, got lucky when some of these passwords could be re-used for SSH access, then had to resort to good ol' social engineering for full control of the system. This article provides some good insights:

http://arstechnica.com/tech-policy/news/2011/02/anonymous-sp...

There is no magic bullet to stop these types of hackers. It's important that you practice good security culture, since some of these guys do use very advanced techniques.

Your home internet security could be defeated by a cunning hacker with a multimeter claiming he/she is there from Comcast to 'upgrade' your router.

Yes, this exactly, I think this was just on Reddit the other day as I remember reading about this
Some attacks are by government agents claiming to be "Anonymous" in order to justify passing draconian laws like SOPA.
most intrusions these days seem to start with a vulnerable web app, then passwords for that are tried on db's, ssh, etc

good luck, flamoot

From what I know of Anon and Lulzsec a lot of what they do isn't actually 'hacking.' The sheer amount of boxes they have lets them DDOS any site pretty easily. If not DDOS they usually do SQL injections.
Computers and systems built on top of them are so complex there is almost always a way through.
Honestly, the question I'm more interested in is how they hide their tracks. From my knowledge, this can be done with a lot of "geographical" effort by going to public locations that are random and far enough from a person's normal routine, and using hardware that can't be traced to you but I wonder if they actually do this or if they normally do their activities from the comfort of their home.