So they’ve nicked that kid from a leafy suburb in Essex for being a cyber terrorist! But how do they do it, I know my way around my old laptop running vista but I presume there’s a little more required when hacking CIA databases. I presume it’s not just a case of logging onto the homepage and getting lucky with a few password guesses! These guys could surely sack all that off and make a living softly softly fleecing people/banks etc!

i know someone who knows someone. getting in is the simple part, covering all tracks is the hard part. i think that’s why there isn’t so much ‘fleecing’ going on – that we’re aware of.

Various techniques, some simple, some very very clever.

Rumour is that the kiddy from Wickford got caught as he was hosting the IRC room they were using. No idea why he wouldn’t use TOR or similar for this though?

Worrying for him though is that the US somehow gave Gary McKinnon the label of ‘super-hacker’ yet AFAIK he was just guessing passwords using VNC or RDP. Nothing clever at all.

Well.. there are lots of ways to hack. It depends what you mean by ‘hack’ too. You used to be able to do stuff like send a website too much information calling to to fall over, and in falling over it would spill some interesting information… or you could send it loads of information which was in fact code that it would end up executing – so you put code in there that did something you wanted like gave you access or email you stuff for example.

There are loads of approaches. Actually gaining access to a system so you can use it like a normal computer is quite hard though afaik and rare, unless someone’s left part of it unsecured, they’ve chosen a stupid password, or you sleep with someone with access, and so on. Which happens a lot.

I presume it’s not just a case of logging onto the homepage and getting lucky with a few password guesses

Bit more to it than that! It’s like asking how someone breaks into a house – there are literally hundreds of different ways.

Probably some of the most common are exploiting bugs on the web server/service (that’s how STW was “hacked” back in the day) or social engineering (calling up, pretending to be IT, getting users to do things, reveal information etc).

In the Census Data hack/nonhack there were stories that Lockheed Martin had intrusions due to a bug in the little RSA Security keyrings that they issue to employees.

leafy suburb in Essex

You’ve never been to Wickford have you!

Stupid hackers get caught – McKinnon is the perfect example.

There are various ways to cover your tracks – LiveCDs, internet cafe’s, remote server you connect to in Russia (and do your dirty work from).

Computer security is a fascinating topic, quite an interest of mine…

When STW was hacked – what was the point? Just malicious behaviour, for the lulz, or are they looking to exploit information they find?

or are they looking to exploit information they find?

How many users on stw have registered the same email addresses and password as they use for their paypal account?

Some aren’t looking for anything logical like money, they just want to watch things burn

Don’t have my email on here for that reason! Plus I don’t want any of you feckers signing me up for ladyboydoggers.com 😆

When STW was hacked – what was the point? Just malicious behaviour, for the lulz, or are they looking to exploit information they find?

Late 2008 I think it was. Lone “script kiddie” hacker trying to make his name with a larger hacking group. Purely done for the lulz as far as we know (there wasn’t anything terribly exciting in the database – I still have a copy somewhere so I can guess peoples passwords when I need too 😈 )

You’ve never been to Wickford have you!

It’s particularly nice up near the Crays Hill end.

How many users on stw have registered their email addresses and password the same as their paypal account?

57 so far. 😈

(Seriously though, set up two-stage authentication on Paypal. Then when you try to log in they text you a six-digit code which you have to enter. MUCH safer!)

Don’t have my email on here for that reason!

Presumably you had to use an email to register, even if it’s not public. If you also happen to use your STW password to access that same email account, which may hold all sorts of relic emails from PayPal et al., then you’ve worked out why they’d want to hack a database with this many users….

I was wondering what useful information the hackers could gain from a database populated by overweight middle aged men with too many bikes 😉

On a related note, I wonder if lulzsec will go after Imperva, in the same way Anonymous went after HBGary.

Seriously though, set up two-stage authentication on Paypal. Then when you try to log in they text you a six-digit code which you have to enter. MUCH safer!

Didn’t know you could do that. Cheers.

As someone who makes his living from security and has done for almost 20 years now Inc. setting up and selling two separate IT security related companies all I will say is that breaking into stuff is stupidly easy. We still do it now as a job and it does my head in sometimes that in the space of 5 minutes we will have totally compromised a system. Saying that it is a complex business problem and not all about technology. While I understand the sentiment of all the latest compromises it’s not a great look really. Saying that, is generating more business for us so that’s nice.

Passwords and paypal aside, there’s a value to a big long list of current email addresses. Spammers sell and resell this sort information constantly.

I was wondering what useful information the hackers could gain from a database populated by overweight middle aged men with too many bikes

A group with a higher-than average number of middle-aged men in stressful jobs with lots of disposable income. If I had a shipment of Viagra I needed shut of in a hurry, I’d be hacking STW’s user database myself.

Bit coin allegedly the best currency for buying and selling that sort of information not that I have used it for that ever at all…legit as always.

Just send them a photo of a niche cx bike, that’ll give them a hard one….

…..Looks VERY suspiciously at Molgrips and GrahamS. 😯

Wrightyson,all set up for you mate.

Cheers GrahamS – just set up two stage on Paypal – great idea!

I’ve worked in IT security for 12 years, “hacking” for most it. When I do it, I get paid by a company and I tell them how I get in and how to fix it. They then decide whether to bother or not – often they don’t as the prioritise profit making activities and take a chance.

These guys are just calling the companies bluff and actually doing them and shouting about it. They can bury the private report I write for them, but they can’t remove posts from Lulzsec on twitter. This shit has been waiting to happen for years and I for one am glad it has.

Hmm.. I like the paypal system, will set that up. I thought of that idea when I worked in London in 2000.. full of good ideas, me.