CIA website attacked

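Posted by ITtraining on 2011-6-16 12:01
This post was written or reposted by ITtraining and does not represent the position or views of this site. Copyright belongs to oursteps.com.au and the author ITtraining. Reposts must credit the author, the source and this notice, and keep the content intact.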
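In just a few weeks, a new hacker group has broken into servers belonging to the CIA, the US Senate, an FBI affiliate, Sony and several video game companies.

Lulzsec has claimed responsibility for the CIA website going offline today. The group has 150,000 followers on Twitter, and yesterday it even set up a US phone hotline for people to call and request targets.

The group has also attacked the US Senate website, Nintendo, game developer Bethesda Software, FBI affiliate Infraguard, US media company PBS and several online game companies.

In many of the attacks, including those on the US Senate and the pornography website pron.com, Lulzsec also posted confidential data online, such as usernames and passwords. The lists even revealed the email addresses of White House staff who had signed up to watch pornography.
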
Move over Anonymous - a new hacking group is on the block and in just a few weeks it has claimed several high-profile scalps including the CIA, US Senate, an FBI affiliate, Sony and several video games companies.

The CIA's website has been knocked offline today and the hacker group, which calls itself Lulzsec, has claimed responsibility. The group has amassed more than 150,000 followers on Twitter and yesterday even set up a US phone hotline for people to call and request targets.

Security journalist Patrick Gray, who runs the Risky.biz podcast, said the recent hack attacks proved that "there is no security".

The tweet claiming responsibility for the CIA takedown.

The Lulzsec hacks come after Australian banks, government departments and other organisations were forced to upgrade their security rapidly following a breach at security provider RSA. The RSA breach resulted in a break-in at defence contractor Lockheed Martin.

Sony, following a major breach of its PlayStation Network that exposed millions of accounts and credit cards, has spent the last few weeks fending off dozens of successful attacks on its networks and websites around the world.

Lulzsec has claimed responsibility for some of these Sony attacks including against Sony Pictures, Sony Music Japan and others.

"The mainstream media are having fun criticising Sony for its poor security, but do we honestly think for a second that the XBox Live network can't be similarly [hacked]," Gray wrote.

"Is there any target out there that can't be 'gotten'?"

Growing list of targets

The group has also targeted the US Senate website, Nintendo, game developer Bethesda Software, FBI-affiliate Infraguard, US media company PBS and several online multiplayer games such as EVE Online, League of Legends and Minecraft.

In many of the attacks, including on Bethesda, the US Senate and pornography website pron.com, Lulzsec also released sensitive data online such as the usernames and passwords of users. These lists even revealed that people with White House email addresses had signed up to watch porn.

"While some people think this is a fun game that can also help point out corporate security weaknesses, the truth is that companies and innocent customers are - in the worst cases - having their personal data exposed," said Graham Cluley of computer security firm Sophos.

"There are responsible ways to inform a business that its website is insecure, or it has not properly protected its data. You don't have to put innocent people at risk. What's disturbing is that so many internet users appear to support Lulzsec as it continues to recklessly break the law."

Lulzsec claims it is conducting the attacks "for the lulz", which is internet parlance for "for the laughs".

Other attacks to hit the news recently include a breach of Gmail accounts connected to activists in China and a hack on the International Monetary Fund.

Australian organisations exposed

James Turner, security analyst at IBRS, said that, for Australian organisations, Lulzsec was concerning.

"Any thinking person would like to have a completely secure website and IT infrastructure, but perfect security is either prohibitively expensive or simply impractical so we try to strike a balance," he said.

"Lulzsec is raising the issue of IT security at executive levels - which is useful - but not many Australian organisations have pots of cash sitting around that they can dive into for extra IT security budget. And they certainly don't have slack headcount just sitting on their hands waiting to spring into action."

He said this meant that Australian organisations could not "do much to significantly improve their IT security in the short term, and this leaves them vulnerable to attack".

"So while Lulzsec is raising the issue, Australian organisations cannot immediately defend themselves. Sure, the generally low levels of security are not great, but attacking organisations because of their low security is like saying that the victim was asking for it, and that's just morally bankrupt.

"Let's not forget that, ultimately, whether the attacker is a group of pranksters like Lulzsec, or hardcore organised crime gangs, the outcome is the same; there is an attacker and a victim. So really, Lulzsec are still muggers, but pretending to be not as bad as the other kind of muggers, who operate in secret."

Lulzsec v Anonymous

Lulzsec's arrival on the hacking scene has caused some friction with the other notorious internet hacking collective dubbed Anonymous, which has been responsible for all manner of web attacks including taking down some Australian government websites as part of a protest against internet censorship legislation.

The two groups have been taking potshots at each other over Twitter.

The Lulzsec telephone hotline reportedly received thousands of voicemail messages. One radio show managed to get through and published a recording of their chat online.

Callers are now met with a voicemail message saying: "We are not available right now as we are busy raping your internet. Leave a message and we will get back to you whenever we feel like."

After the US Senate's website was hacked over the weekend, the site was targeted a second time this week but a security spokeswoman insisted no sensitive data was exposed.

"They're getting nothing but the attacks continue," Martina Bradford, the deputy Senate sergeant at arms, said.

"We've been able to stay ahead of the hackers and keep them out of the main Senate network."

Hackers should use powers for good not evil

Sophos's Paul Ducklin said Lulzsec might only be one person. "Your guess is as good as mine," he said.

He said Lulzsec appeared to be "attacking targets without rhyme or reason".

"It could just be one person in his own bedroom mounting [these] attacks."

A poll of 1500 on the Sophos blog recently found about 40 per cent of its readers believed what Lulzsec was doing was fun and that they were teaching security experts a lesson, Ducklin said. The other 60 per cent said that it was bad and not acceptable.

He said Lulzsec was not proving anything. "It's a bit like if you throw a brick at a bus shelter it shatters," he said. "We know it breaks; we already know that. Thanks."

Ducklin said hackers, instead of using their power for evil, should donate their time to doing something useful. They could do so by visiting a site such as hackersforcharity.org.

The hackersforcharity.org site helps people with little knowledge in computer security and even allows a hacker to help build a website for those in developing nations.

"If you actually have some moral spine as a hacker you can actually give that time away," Ducklin said.

"Why do you have to destroy and damage stuff and leak people's personally identifiable information in order to prove a point? Why not just help people and solve the problem instead of being a part of it?"

- with Reuters



Read more: http://www.smh.com.au/technology ... .html#ixzz1POpQ4a5M

[ Last edited by ITtraining on 2011-6-16 12:06 ]


Posted by 小安琪 on 2011-6-16 12:02
How many times have they been attacked now.

Posted by Fernando on 2011-6-16 12:04
Lanxiang technical school is seriously badass these days

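Posted by 乱码 on 2011-6-16 12:27
Originally posted by Fernando on 2011-6-16 12:04:
Lanxiang technical school is seriously badass these days

Lanxiang may have been chosen as a base in the first place because of its civilian background, so that its actions have nothing to do with the government.

I wonder how many people are in the cyber army over there.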

Posted by bulaohu on 2011-6-16 12:47
It could also have been hackers from any country using Lanxiang's completely unprotected machines as a stepping stone.

Posted by ITtraining on 2011-6-16 12:59
Back when I was at university, the school's network management centre even called me in to ask why I was attacking outside servers. Damn, I have no idea who spoofed my IP to do it. It made me furious.

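Posted by 乱码 on 2011-6-16 13:53
Originally posted by bulaohu on 2011-6-16 12:47:
It could also have been hackers from any country using Lanxiang's completely unprotected machines as a stepping stone.

Lanxiang technical school is a well-known cyber army base. A few days ago SBS even ran a special news report on the school, and I think someone's post a couple of days ago also said that a recent attack on the US originated in Jinan, so my guess is it may be them.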

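Posted by yuba on 2011-6-16 13:58

One person's view

In 1984, the 20-year-old Rong Lanxiang founded the technical school and began offering motorcycle repair courses. Four years later, the Chinese People's Liberation Army also went into business. The two sides struck a deal: the military provided a site to expand the school, on condition that the army take part in running it, which in essence merged the school into the army. In the late 1990s, the government ordered the military to withdraw from business. Rong Lanxiang regained control, but some ties remain; Rong Lanxiang says his current partners include family members of military officers.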
