لولزسك

لولز سكيوريتي
Lulz Security
Lulz Security.svg
شعار لولز سكيوريتي
الاختصارلولوزسك
الشعار الحادي"The world's leaders in high-quality entertainment at your expense"
التشكل15 مايو 2011
انحلت26 يونيو 2011
النوعهاكر
الأعضاءالأعضاء
11
القائدSabu
الانتماءاتAnonymous, LulzRaft, AntiSec
المتطوعون
7

لولز سكيوريتي Lulz Security (أو لولزسك)، هي مجموعة هاكرز تدعي مسئوليتها عن هجمات مختلفة بارزة، منها اختراق حسابات 1.000.000 حساب مستخدم في سوني في 2011، والذي تضرر منها 37.500 مستخدم فقط حسب ما أعلنته سوني. وجذبت لولز سكيورتي الأنظار لأهدافها البارزة وتركها رسائل تهديد بعد قيامها بالهجمات.

وفي 6 يوليو 2011 أعلنت لولزسك عن وقف هجماتها الإلكترونية وتسريح المجموعة وذلك بعد مرور شهرين من الهجمات على المواقع الأمريكية الحكومية الهامة. وجاء الإعلان في رسالة بعثت بها المجموعة على حسابها الشخصي على موقع تويتر للتواصل الاجتماعي ولكن دون ذكر سبب هذا القرار. وقالت مجموعة لولز في بيان نشر على الانترنت " إن رحلة المجموعة التي خطط لها أن تستمر 50 يوما انتهت".[1] ولا تزال هوية أعضاء مجموعة لولز مجهولة ولم يتسن الاتصال بهم للتأكد من الإعلان الذي تم نشره على الانترنت.

صورة روپرت مردوخ على الصفحة الأولى في موقع صحيفة ذه صن البريطانية 19 يوليو 2011.

في 19 يوليو قامت لولز بالهجوم على موقع صحيفة ذه صن البريطانية ووضعت خبرا مزيفا يفيد بأنه قد عثر على الملياردير روپرت مردوخ ميتا في حديقة منزله. [2] وبعد ذلك تم توجيه زوار الموقع إلى صفحة لولز على موقع تويتر للتواصل الاجتماعي، قبل أن تتمكن مؤسسة نيوز إنترناشونال (المملوكة لمردوخ)، التي تمتلك الصحيفة، من إعادة السيطرة على الموقع. وأعلنت مجموعة لولز على تويتر أنها المسؤولة عن هذا الاختراق.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

نظرة عامة

LulzSec draws its name from the neologism "Lulz," (from LOLs) which often signifies laughter at the victim of a prank, and "Sec," short for "Security". The Wall Street Journal has characterized its attacks as closer to internet pranks rather than serious cyber-warfare. It has gained attention in part due to its brazen claims of responsibility and lighthearted taunting of corporations that have been hacked. It frequently refers to Internet memes when defacing websites. The group first emerged in May 2011, and has successfully attacked the websites of several major corporations.[3] It specializes in finding websites with poor security, and then stealing and posting information from them online. It has used well-known straightforward methods, such as SQL injection, to attack its target websites.[4] Several media sources have described their tactics as grey hat hacking.[4][5][6]

The group has used the motto "Laughing at your security since 2011!" and its website, created in June 2011, plays the theme from The Love Boat.[3] It announces its exploits via Twitter and its own website, oftentimes accompanied with lighthearted ASCII art of boats. Its website also includes a Bitcoin donation to help fund its activities.[7] Although the number of members and exact motivation of the group are unknown,[4] Ian Paul of PC World has written that, "As its name suggests, LulzSec claims to be interested in mocking and embarrassing companies by exposing security flaws rather than stealing data for criminal purposes."[8] The group has also been critical of white hat hackers, claiming that many of them have been corrupted by their employers.[3]

Some in the security community have lauded them for raising awareness of the widespread lack of effective security against hackers.[9] They have also been credited with inspiring LulzRaft, a group which has been implicated in several high-profile website hacks in Canada.[10]

The group's first recorded attack was against Fox.com's website. It claimed responsibility for leaking information, including passwords, altering several employees' LinkedIn profiles, and leaking a database of X Factor contestants containing contact information of 73,000 contestants.[11][12]


أهداف أولية

In May 2011, members of Lulz Security hacked into the Public Broadcasting System (PBS) website. They stole user data and posted a fake story on the site which claimed that Tupac Shakur was still alive and living in New Zealand. In the aftermath of the attack, CNN referred to the responsible group as the "Lulz Boat".[13]

Lulz Security claimed that some of its hacks, including its attack on PBS, were motivated by a desire to defend WikiLeaks and Bradley Manning.[14] A Fox News report on the group quoted one commentator, Brandon Pike, who claimed that Lulz Security is affiliated with the hacktivist group Anonymous. Lulz Security claimed that Pike had actually hired it to hack PBS. Pike denied the accusation and claims it was leveled against him because he said Lulz Security was a splinter of Anonymous.[15]

In June 2011, members of the group claimed responsibility for an attack against Sony and took data that included "names, passwords, e-mail addresses, home addresses and dates of birth for thousands of people."[16] The group claimed that it used a SQL injection attack,[17] and was motivated by Sony's legal action against George Hotz for jailbreaking into the PlayStation 3. The group claims it will launch an attack that will be the "beginning of the end" for Sony.[18] Some of the compromised user information has since been used in scams.[19] The group claimed to have compromised over 1,000,000 accounts, though Sony claims the real number was around 37,500.[20]

هجمات لاحقة على مؤسسات

Lulz Security attempted to hack into Nintendo, but both the group and Nintendo itself report that no particularly valuable information was found by the hackers.[21] LulzSec claims that it did not mean to harm Nintendo, declaring: "We're not targeting Nintendo. We like the N64 too much — we sincerely hope Nintendo plugs the gap."[22]

On June 8th, LulzSec hacked into the website of Black & Berg Cybersecurity Consulting, a small network security company, and changed the image displayed on their front page to one containing the LulzSec logo. They did so after the company had issued a "Cybersecurity For The 21st Century, Hacking Challenge", in which they challenged hackers to hack the site and alter the homepage graphic. The intrusion came after Joe Black, an owner of the company posted the message "Black & Berg Cybersecurity Consulting appreciate all the hard work that you're putting in. Your Hacking = Clients for us. Thx" to the LulzSec Twitter account. Though Black & Berg offered a prize of $10,000 and a position with the company for the successful hack, members of LulzSec declined the offer.[23] Instead, the website contained the reply "DONE, THAT WAS EASY. KEEP THE MONEY, WE DO IT FOR THE LULZ".[24]

On June 11th, reports emerged that LulzSec reportedly hacked into and stole user information from the pornography website www.pron.com. They obtained around 26,000 e-mail addresses and passwords. Among the information stolen are records of six users who subscribed from .gov and .mil e-mail addresses as well as administrator information from 55 other adult-oriented websites. Following the breach, Facebook locked the accounts of all users who had used the published e-mail addresses, and also blocked new Facebook accounts opened using the leaked e-mail addresses. They feared that users of the site would get hacked after LulzSec encouraged people to try and see if these people used identical user name and password combinations on Facebook as well.[25]

LulzSec hacked into the Bethesda Game Studios network, they posted information taken from the network onto the Internet, though they refrained from publishing 200,000 compromised accounts.[26] LulzSec posted the following message to Twitter regarding the attack, "Bethesda, we broke into your site over two months ago. We've had all of your Brink users for weeks, Please fix your junk, thanks!" [27]

On June 14th, LulzSec took down four websites by request of fans as part of their "Titanic Take-down Tuesday". These websites were Minecraft, League of Legends, The Escapist, and IT security company Fin Fisher.[28] They also attacked the login servers of the massively multiplayer online game EVE Online, which also disabled the game's front-facing website, and the Free to Play MOBA League of Legends login servers. Most of the takedowns were performed with denial-of-service attacks.[29]

هجمات حكومية

LulzSec claims to have hacked InfraGard, a company affiliated with the FBI that does work on botnet detection,[3] in June 2011. The group leaked some of Infragard's e-mails and a database of users.[30] The group defaced the website posting the following message, "LET IT FLOW YOU STUPID FBI BATTLESHIPS," accompanied with a video. LulzSec has posted the following message regarding the attack:

"It has come to our unfortunate attention that NATO and our good friend Barrack Osama-Llama 24th-century Obama [sic] have recently upped the stakes with regard to hacking. They now treat hacking as an act of war. So, we just hacked an FBI affiliated website (Infragard, specifically the Atlanta chapter) and leaked its user base. We also took complete control over the site and defaced it [...]."[31]

On June 9th, LulzSec sent an email to the administrators of the British National Health Service, informing them of a security vulnerability discovered in NHS systems. LulzSec stated that they did not intend to exploit this vulnerability, saying in the email that "We mean you no harm and only want to help you fix your tech issues."[32]

في 13 يونيو، نشرت لولزسك البريد الإلكتروني وكلمات الدخول لمستخدمين في مجلس الشيوخ الأمريكي.[33] وتضمنت المعلومات المسربة أيضا root directory لأجزاء من الموقع الإلكتروني. وأعلنت لولزسك أن: "This is a small, just-for-kicks release of some internal data from Senate.gov - is this an act of war, gentlemen? Problem?" referencing a recent statement by the The Pentagon that some cyberattacks could be considered an act of war. No highly sensitive information appears in the release.[34]

الرسالة التي تركتها لولزسك.

في 19 يونيو أعلنت شركة ألعاب الفيديو اليابانية سـِگا پاس عن اختراق حسابات 1.3 مليون مستخدم لها في اوروپا.[35] وحدثت سرقة المعلومات عبر اختراق موقع وحدتها العاملة في اوروپا. بيد أن الشركة طمأنت الزبائن بأن بيانات بطاقات ائتمانهم لم تتعرض للسرقة في هذا الاختراق اذ إن موقعها الأوروبي الذي يدار من لندن لم يكن يحتوي بيانات بطاقات الائتمان للزبائن.[36]

انظر أيضا

المصادر

  1. ^ "مجموعة "لولز" للقرصنة توقف هجماتها الالكترونية". بي بي سي. 2011-07-06. Retrieved 2011-07-06.
  2. ^ "مجموعة لولز للقرصنة تخترق موقع صحيفة الصن". بي بي سي. 2011-07-19. Retrieved 2011-07-19.
  3. ^ أ ب ت ث Morse, Andrew; Sherr, Ian (6 June 2011). "For Some Hackers, The Goal Is Just To Play A Prank". The Wall Street Journal. p. B1. Retrieved 6 June 2011.
  4. ^ أ ب ت "Q&A: Lulz Security". BBC. 6 June 2011. Retrieved 6 June 2011.
  5. ^ Mitchell, Dan (9 June 2011). "Yet another hack, yet another delay in reporting it". CNN Money. Retrieved 11 June 2011.
  6. ^ Raywood, Dan (10 June 2011). "Security expert publicly backs 'grey hats' such as LulzSec, saying that public disclosure will help businesses". SC Magazine. Retrieved 11 June 2011.
  7. ^ Olson, Parmy (6 June 2011). "LulzSec Hackers Post Sony Dev. Source Code, Get $7K Donation". Forbes. Retrieved 7 June 2011.
  8. ^ Paul, Ian. "Lulz Boat Hacks Sony's Harbor: FAQ." PC World. June 3, 2011. Retrieved on June 6, 2011.
  9. ^ Ragan, Steve (8 June 2011). "One month later – LulzSec continues their personal brand of comedy". The Tech Herald. Retrieved 9 June 2011.
  10. ^ Beltrame, Julian (8 June 2011). "Hacker without a cause scores with Harper 'breakfast incident' hoax". The Canadian Press. Retrieved 10 June 2011.
  11. ^ "Who is LulzSec, Hacker of PBS? Are they hacking Sony again?". International Business Times. Retrieved 3 June 2011.
  12. ^ Poulsen, Kevin. "Sony Hit Yet Again; Consumer Passwords Exposed". Wired. Retrieved 3 June 2011.
  13. ^ CNN Wire Staff. "Hackers pirate PBS website, post fake story about Tupac still alive". CNN. Retrieved 3 June 2011. {{cite web}}: |last= has generic name (help)
  14. ^ Olson, Parmy. "Interview With PBS Hackers: We Did It For 'Lulz And Justice'". Forbes. Retrieved 3 June 2011.
  15. ^ Kaplan, Jeremy (2 June 2011). "Group Claims It Was 'Paid to Hack PBS,' Then Leaks a Million Sony User IDs". Fox News. Retrieved 3 June 2011.
  16. ^ Pepitone, Julianne (2 June 2011). "Group claims fresh hack of 1 million Sony accounts Money". CNN. Retrieved 3 June 2011.
  17. ^ Ogg, Erica. "Hackers steal more customer info from Sony servers". CNET. Retrieved 3 June 2011.
  18. ^ Reisinger, Don. "Tupac hackers to Sony: 'Beginning of the end'". CNET. Retrieved 3 June 2011.
  19. ^ Ars Staff. "Lulz? Sony hackers deny responsibility for misuse of leaked data". Ars Technica. Retrieved 3 June 2011.
  20. ^ Olivarez-Giles, Nathan (9 June 2011). "Sony Pictures says LulzSec hacked 37,500 user accounts, not 1 million". Los Angeles Times. Los Angeles. Tribune Company. Archived from the original on 12 June 2011. Retrieved 12 June 2011.
  21. ^ "LulzSec Hacks Nintendo: No User Information Released". PCMag. 5 June 2011. Retrieved 5 June 2011.
  22. ^ "Nintendo Is Hit by Hackers, but Breach Is Deemed Minor". New York Times. 5 June 2011. Retrieved 5 June 2011.
  23. ^ "LulzSec wins hacking competition, refuses $10k award". International Business Times. مدينة نيويورك. 8 June 2011. Retrieved 8 June 2011.
  24. ^ "Black & Berg Cybersecurity Consulting, LLC". Black & Berg Cybersecurity Consulting. Archived from the original on 8 June 2011. Retrieved 8 June 2011.
  25. ^ Thomas, Keir (11 June 2011). "Porn Site Users Beware: Hacker Group LulzSec May Have Posted Your Email Address". PC World. IDG. Archived from the original on 11 June 2011. Retrieved 11 June 2011.
  26. ^ Albanesius, Chloe. "LulzSec Targets Bethesda Softworks, Porn Site". PC magizine. Retrieved 13 June 2011.
  27. ^ Ben, Kuchera. "LulzSec hackers demand hats, threaten release of Brink user data". Ars Technica. Retrieved 13 June 2011.
  28. ^ Bright, Peter (14 June 2011). "Titanic Takeover Tuesday: LulzSec's busy day of hacking escapades". Ars Technica. Condé Nast Publications. Archived from the original on 14 June 2011. Retrieved 14 June 2011.
  29. ^ Peckham, Matt (14 June 2011). "LulzSec Knocks 'Minecraft,' 'EVE Online,' 'League Of Legends' and 'The Escapist' Offline Read more: http://techland.time.com/2011/06/14/lulzsec-knocks-minecraft-eve-online-league-of-legends-and-the-escapist-offline/#ixzz1PI1veH4u". Time. مدينة نيويورك. Time Inc. Archived from the original on 14 June 2011. Retrieved 14 June 2011. {{cite news}}: External link in |title= (help)
  30. ^ "LulzSec claims to have hacked FBI-affiliated website". LA Times. Retrieved 4 June 2011.
  31. ^ Read, Max. "LulzSec Hackers Go After FBI Affiliates". Gawker. Retrieved 4 June 2011.
  32. ^ "Hackers warn NHS over security". BBC. Retrieved 9 June 2011.
  33. ^ Ogg, Erica (13 June 2011). "LulzSec targets videogame maker ZeniMax Media". CNET.com. CBS Interactive. Archived from the original on 13 June 2011. Retrieved 13 June 2011.
  34. ^ Morse, Andrew (13 June 2011). "LulzSec Hacker Group Claims Attack On US Senate Website". The Wall Street Journal. News Corporation. Archived from the original on 13 June 2011. Retrieved 13 June 2011.
  35. ^ ripten
  36. ^ سيغا تؤكد سرقة بيانات 1.29 مليون مستخدم، بي بي سي

وصلات خارجية