40 replies to this topic

[CJ]

A good example of company who doesn't give a shit about costumers : EA Games.
Did any of you know that 550K BF Heroes accounts were hacked, and all of their Username/email/password combos were released? Just thought I'd mention that...

[deltaepsilon]

Yeah, I heard about that, luckily I don't play BFH...

But I don't see why you'd need to also screw over the customers of whatever company you've got a vendetta against, they haven't done anything.

[CJ]

Sure, harming the customers is not good, but would the companies have had proper security at first, this wouldn't of have happened. And if they merely said that they hacked so many DBs without posting anything to prove it, no one would have believed them, and companies such as Sony would not have bothered with finally putting some real security system on their servers.

And when someone is capable of hacking the stupid FBI with a mere SQLi, it's a proof that those guys are morons. Come on, I know 3 of my friends who can make injections, it's the most basic thing in piracy

... I like how EA didn't even bother sending me a mail to tell me that my BFH account has been compromised btw

[General]

CJ, on 27 Jun 2011, 12:36, said:

Sure, harming the customers is not good, but would the companies have had proper security at first, this wouldn't of have happened. And if they merely said that they hacked so many DBs without posting anything to prove it, no one would have believed them, and companies such as Sony would not have bothered with finally putting some real security system on their servers.

And when someone is capable of hacking the stupid FBI with a mere SQLi, it's a proof that those guys are morons. Come on, I know 3 of my friends who can make injections, it's the most basic thing in piracy

... I like how EA didn't even bother sending me a mail to tell me that my BFH account has been compromised btw

There is no such a thing like proper security if it is online, you know even best intelligence agencies get hacked

[CJ]

All of LulzSec targets got hacked with simple SQLi, there's a bunch of websites about "hacking for dummies" which have tutorials on that in their beginner section.
What's bothering me is not that PSN, EA, and other companies got hacked, what's bothering me is that any wannabe hacker could have done that which proves that those sites are not even slightly secure.

[TheDR]

But secure of who? Hackers? Doesn't it seem a bit ironic that the whole point of this exercise is to make sure the public doesn't loose personal information and the way these stupid hacktivists are doing it is by releasing personal information. They could of changed the companies sites to say they have been hacked or any other manner of hacking that does't effect the population.

These are a bunch of idiots who are just looking for attention, no one with any sense of moral code would release potentially dangerous levels of personal data of the general public who have done nothing to deserve it. So, if these hackers don't have any moral code, then the reasons for them doing it are about getting personal fame and being generally annoying, which is the opposite goal of any activist.

TL;DR: Any good that comes out of these hacks are purely a mistake when it's obvious these scumbags only care about themselves.

[deltaepsilon]

^ Exactly. They're nothing more than a bunch of glorified trolls.

[Alias]

CJ, on 27 Jun 2011, 20:54, said:

All of LulzSec targets got hacked with simple SQLi, there's a bunch of websites about "hacking for dummies" which have tutorials on that in their beginner section.
What's bothering me is not that PSN, EA, and other companies got hacked, what's bothering me is that any wannabe hacker could have done that which proves that those sites are not even slightly secure.

There is no such thing as security on the internet, merely different levels of insecurity.

It is utterly foolish and downright childish to blame the release of information on the companies, it's the bloody hackers releasing the information. I'd have a slight bit more sympathy for them if that wasn't the case.

Let's put it this way:
An arsonist sees an old house made of wood. He burns it, but blames the house burning down not on his arson but rather on the fact that the homeowner bought a house made of a flammable material.

Does that really sound sensible to you, really?

(by the way, this is a pretty interesting topic, admin split?)

Edited by Alias, 27 June 2011 - 11:29.

[SquigPie]

*Hackers hack EVE, Codemasters and every single small company*
*Leaves Activision and Microsoft unscathed*

How the fuck does this sound righteous in any way?!

Also, what Alias said.

Edited by SquigPie, 27 June 2011 - 11:48.

[CJ]

Why the fuck is this a separate topic?
EDIT : Oh I see, unannounced topic split...

Also, @Alias : stop using silly comparisons in every topic you take part in.
When you sign up on a website, you usually have a promise that your data is secure, and that your password will be encrypted in the database in such a way that no one can recover it even in case of piracy. I've looked at the BFH acocunts leak, to decrypt it, simply put the hashcodes in front of each nick on google, how is that called encryption?

Edited by CJ, 27 June 2011 - 12:00.

[Alias]

CJ, on 27 Jun 2011, 21:56, said:

Also, @Alias : stop using silly comparisons in every topic you take part in.
When you sign up on a website, you usually have a promise that your data is secure, and that your password will be encrypted in the database in such a way that no one can recover it even in case of piracy. I've looked at the BFH acocunts leak, to decrypt it, simply put the hashcodes in front of each nick on google, how is that called encryption?

How is it a silly comparison? It is a reasonable analogy and gets the point across.
Nobody can completely promise anything. I just looked at EA's Terms and Conditions for their games (including Battlefield Heroes).

Here is an excerpt:

Quote

The security of you and your child's personal information is important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and in storage. When you enter sensitive information (such as a credit card number) on our registration or order forms, we encrypt that information using 128-bit secure socket layer technology (SSL). No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially reasonable means to protect your personal information, we cannot guarantee its absolute security. If you have any questions about security on our website, you can contact the Privacy Policy Administrator in your country listed on our site at privacyadmin.ea.com, or if your country is not listed, by contacting the Privacy Policy Administrator in the United States.

Source: http://legal.ea.com/...jsp?language=en

They can never promise your details will never be compromised, just like the police can never completely promise that an arsonist will never burn down your house.

Edited by Alias, 27 June 2011 - 12:09.

[RaiDK]

[rant]

Well, I'm sure glad nobody is here defending them or saying Antisec is noble or whatever, because if there was I would be ripping into them so hardcore right now.

Lulzsec, and Anonymous as a whole, are in it for the lulz, nothing else. If they can put up a smokescreen to make it look noble then that's convenient for them.

As it's been mentioned, nothing they were doing was particularly complex. And hell, AntiSec is NOT the "Glorious worldwide movement" they claim it is: Having 600 people in a single IRC chat room to me says that nobody cares. Chances are it'll fade to black just as every other so-called Anonymous campaign has.

Alias's comparison is completely valid. They were posting these passwords on Google, people were getting their emails, Amazon and Paypal accounts broken into. Who knows what damage people have sustained from this. And don't tell me it's their fault for reusing passwords: Try telling that to little Sally Jones who's Facebook was plastered with adult content because some idiot group had to boast about what they could do.

[/rant]

Edited by RaiDK, 27 June 2011 - 12:06.

[CJ]

Alias, on 27 Jun 2011, 13:00, said:

Because it's an interesting thing to discuss, perhaps?

Maybe, but it was posted under my name, so you'll understand why I was confused for a second there.

RaiDK, on 27 Jun 2011, 13:02, said:

Well, I'm sure glad nobody is here defending them or saying Antisec is noble or whatever, because if there was I would be ripping into them so hardcore right now.

Lulzsec, and Anonymous as a whole, are in it for the lulz, nothing else. If they can put up a smokescreen to make it look noble then that's convenient for them.

As it's been mentioned, nothing they were doing was particularly complex. And hell, AntiSec is NOT the "Glorious worldwide movement" they claim it is: Having 600 people in a single IRC chat room to me says that nobody cares. Chances are it'll fade to black just as every other so-called Anonymous campaign has.

Alright, lemme get this right : You're saying that every campaign of Anonymous is useless?

[Wizard]

To draw people out of LPTPW with a constructive discussion would be my bet.

There are many who are at fault here tbh. Lulzsec (I corrected the topic typo btw) for hacking, purely for the sake of attention whoring, because that is what it is, and the companies who are hacked because they have clearly not taken reasonable steps to protect their clients data, something that in the UK they are obliged to do by statute. I would be interested to see if there would be any way to actually penalise these companies either by law or punitively, for their lack of diligence to private data.

On the moral grounds, pffft, please, these are saddo teenagers with asbergers who literally have nothing else to do than start memes and root around with internet code. They have no morals.

[Alias]

CJ, on 27 Jun 2011, 22:05, said:

RaiDK, on 27 Jun 2011, 13:02, said:

Well, I'm sure glad nobody is here defending them or saying Antisec is noble or whatever, because if there was I would be ripping into them so hardcore right now.

Lulzsec, and Anonymous as a whole, are in it for the lulz, nothing else. If they can put up a smokescreen to make it look noble then that's convenient for them.

As it's been mentioned, nothing they were doing was particularly complex. And hell, AntiSec is NOT the "Glorious worldwide movement" they claim it is: Having 600 people in a single IRC chat room to me says that nobody cares. Chances are it'll fade to black just as every other so-called Anonymous campaign has.

Alright, lemme get this right : You're saying that every campaign of Anonymous is useless?

Give us an example of one thing anonymous has actually done that has been useful.

By the way, check my above post as I edited it as you edited yours right before I posted mine.

[RaiDK]

CJ, on 27 Jun 2011, 22:05, said:

Alright, lemme get this right : You're saying that every campaign of Anonymous is useless?

I won't say nothing they've ever done has had consequences, but you'd be deluding yourself if you think they're doing it for anything other than their own entertainment.

Edited by RaiDK, 27 June 2011 - 12:30.

[SquigPie]

Hell, I've not even seen anyone on 4chan defending these guys. Everyone hates LulzSec.

Anonymous is a bunch of retards. Their sense of humour indicates that none of them are a day over 12. Sometimes they attack someone where it's justified (Scientology). But most of the time it's just like this, a bunch of attention-whoring kids thinking they're pro-hackers.

Edited by SquigPie, 27 June 2011 - 12:36.

[CJ]

TheDR, on 27 Jun 2011, 12:18, said:

But secure of who? Hackers? Doesn't it seem a bit ironic that the whole point of this exercise is to make sure the public doesn't loose personal information and the way these stupid hacktivists are doing it is by releasing personal information. They could of changed the companies sites to say they have been hacked or any other manner of hacking that does't effect the population.

Who said the whole point of the thing is to make sure that the public doesn't lose personal info? AFAIK, LulzSec says they're doing this to force the companies to review their security (and they succeeded in that, seeing as how most of the companies which were attacked are now hiring proper web-developers to protect them against SQLi) as well as showing to the world that these so called security experts at the FBI and other 3 letter organizations are in fact incapable of protecting their own data...

TheDR, on 27 Jun 2011, 12:18, said:

These are a bunch of idiots who are just looking for attention, no one with any sense of moral code would release potentially dangerous levels of personal data of the general public who have done nothing to deserve it. So, if these hackers don't have any moral code, then the reasons for them doing it are about getting personal fame and being generally annoying, which is the opposite goal of any activist.

I don't think you can really consider that as fame... The name LulzSec maybe famous, but its members can't really be boasting around about it.

SquigPie, on 27 Jun 2011, 12:47, said:

*Hackers hack EVE, Codemasters and every single small company*
*Leaves Activision and Microsoft unscathed*

How the fuck does this sound righteous in any way?!

It doesn't. Nobody said what they were doing was righteous anyway. I'm sure that not even them consider themselves righteous...
Also, Activision can't really be attacked since most of their games accounts' are stored on steam, which I'm fairly sure can't be hacked with a mere SQLi.

Alias, on 27 Jun 2011, 13:00, said:

Here is an excerpt:

Quote

The security of you and your child's personal information is important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and in storage. When you enter sensitive information (such as a credit card number) on our registration or order forms, we encrypt that information using 128-bit secure socket layer technology (SSL). No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially reasonable means to protect your personal information, we cannot guarantee its absolute security. If you have any questions about security on our website, you can contact the Privacy Policy Administrator in your country listed on our site at privacyadmin.ea.com, or if your country is not listed, by contacting the Privacy Policy Administrator in the United States.

Source: http://legal.ea.com/...jsp?language=en

They can never promise your details will never be compromised, just like the police can never completely promise that an arsonist will never burn down your house.

"Therefore, while we strive to use commercially reasonable means to protect your personal information"
Well then, to keep it in the same theme as your comparison, I'd say that in this case, the arsonist used a simple lighter to burn down the whole house, because as I already said countless times, an SQL injection is probably the easiest thing to do for any wannabe hacker. The fact that they hacked the BFH servers that way shows that they haven't even tried to protect the info, because securing a website against SQLi is not that hard, not is it costly.

Alias, on 27 Jun 2011, 13:11, said:

CJ, on 27 Jun 2011, 22:05, said:

RaiDK, on 27 Jun 2011, 13:02, said:

Well, I'm sure glad nobody is here defending them or saying Antisec is noble or whatever, because if there was I would be ripping into them so hardcore right now.

Lulzsec, and Anonymous as a whole, are in it for the lulz, nothing else. If they can put up a smokescreen to make it look noble then that's convenient for them.

As it's been mentioned, nothing they were doing was particularly complex. And hell, AntiSec is NOT the "Glorious worldwide movement" they claim it is: Having 600 people in a single IRC chat room to me says that nobody cares. Chances are it'll fade to black just as every other so-called Anonymous campaign has.

Alright, lemme get this right : You're saying that every campaign of Anonymous is useless?

Give us an example of one thing anonymous has actually done that has been useful.

By the way, check my above post as I edited it as you edited yours right before I posted mine.

- Providing a bunch of VPN hosts for the Tunisians when Ben Ali censored the internet, and they're still doing it for the other countries where there is censorship. At one point, it was the only way for us to access the internet.
- Downing several governmental websites in the countries which are currently revolting against their dictators. That's basically the sole foreign support that those revolting people have right now, since the "civilized" countries' governments support the dictators. And even if it's a moral support more than anything else, it's still better than nothing.
- Supporting WikiLeaks, and providing a bunch of the leaked documents which are on that website (LulzSec are doing the same btw, such as what happened with the Chinga la Migra release)

Now, this might sound totally pointless to you, since you're living in a country which is (supposedly) a democratic one, and that you surely don't give a damn about knowing the truth as long as you're living a happy life.
If it weren't for Anonymous, people wouldn't have known that half the developed countries fully supported Ben Ali and other dictators...

RaiDK, on 27 Jun 2011, 13:11, said:

CJ, on 27 Jun 2011, 22:05, said:

Alright, lemme get this right : You're saying that every campaign of Anonymous is useless?

I won't say nothing they've ever done has had consequences, but you'd be deluding yourself if you think they're doing it for anything other than their own entertainment.

If someone does something useful for me, I won't complain about it, whether he did that on purpose or not, for his own good or not.

SquigPie, on 27 Jun 2011, 13:35, said:

Hell, I've not even seen anyone on 4chan defending these guys. Everyone hates LulzSec.

Who cares about what that bunch of retards on 4chan thinks anyway? And for the record, the reason for which they hate them is because LulzSec insulted /b/tards when those claimed that LulzSec was initiated by 4chan.

SquigPie, on 27 Jun 2011, 13:35, said:

Anonymous is a bunch of retards. Their sense of humour indicates that none of them are a day over 12. Sometimes they attack someone where it's justified (Scientology). But most of the time it's just like this, a bunch of attention-whoring kids thinking they're pro-hackers.

The "funny" thing is that LulzSec has no pretention of being a group of pro hackers at all, if you had looked at their Twitter account, you would have seen that they recognize that the methods that they're using are not advanced, far from it.
http://twitter.com/#...549198070874112

Edited by CJ, 27 June 2011 - 12:54.

[Golan]

LulzSec's and Anonymous' actions pretty much make any moral justification void. There are many good reasons to oppose and undermine today's handling of information, especially by large companies, but at the end of the day the guys are worse than what they claim to fight against.
Seriously, it's like burning down a house to show its fire alarm system doesn't work.

[CJ]

Golan, on 27 Jun 2011, 13:50, said:

LulzSec's and Anonymous' actions pretty much make any moral justification void. There are many good reasons to oppose and undermine today's handling of information, especially by large companies, but at the end of the day the guys are worse than what they claim to fight against.
Seriously, it's like burning down a house to show its fire alarm system doesn't work.

I totally agree with that. But in the same time, there's sadly not many other ways to oppose how these big firms works than piracy.

[Alias]

CJ, on 27 Jun 2011, 22:43, said:

"Therefore, while we strive to use commercially reasonable means to protect your personal information"
Well then, to keep it in the same theme as your comparison, I'd say that in this case, the arsonist used a simple lighter to burn down the whole house, because as I already said countless times, an SQL injection is probably the easiest thing to do for any wannabe hacker. The fact that they hacked the BFH servers that way shows that they haven't even tried to protect the info, because securing a website against SQLi is not that hard, not is it costly.

Even the smallest flame can burn down a house, you're proving my point.

If you haven't noticed, Battlefield Heroes is a free game, the FBI affiliate that was hacked was a not-for-profit and PBS which was also hacked is a non-profit organisation. The only major one that deserves your criticism is Sony (and EA, to an extent).

Companies which are not-for-profit pretty much survive off donations, I don't exactly think network security would be high on their list, not to mention I don't see at all how LulzSec comprimising them is at all useful. What do you get out of hacking a not-for-profit?

CJ, on 27 Jun 2011, 22:43, said:

If it weren't for Anonymous, people wouldn't have known that half the developed countries fully supported Ben Ali and other dictators...

Perhaps in Tunisia, but over here it has been long known (as in, before the internet) that America has propped up and supported dictators for many decades now.

CJ, on 27 Jun 2011, 22:43, said:

If someone does something useful for me, I won't complain about it, whether he did that on purpose or not, for his own good or not.

How exactly is somebody else's personal information useful to you?

On the topic of this discussion, here's an interesting article that pretty much sums up my views about this:
http://allthingsd.com/20110627/despite-all...hackers-failed/

Quote

In the span of 50 days, LulzSec proved it was neither original, technically adept, nor intellectually focused enough to be motivated by anything that approached a coherent ideology. The available evidence suggests the group’s members were a bunch of misguided young people with too much time on their hands and precious few constructive outlets for their considerable energy.

Edited by Alias, 27 June 2011 - 13:08.

[Golan]

CJ, on 27 Jun 2011, 12:59, said:

Golan, on 27 Jun 2011, 13:50, said:

LulzSec's and Anonymous' actions pretty much make any moral justification void. There are many good reasons to oppose and undermine today's handling of information, especially by large companies, but at the end of the day the guys are worse than what they claim to fight against.
Seriously, it's like burning down a house to show its fire alarm system doesn't work.

I totally agree with that. But in the same time, there's sadly not many other ways to oppose how these big firms works than piracy.

The public release of the data gained was completely unnecessary, even if ti were for proving success no complete data would have been needed. So yes, there would have been another way, namely not publishing vital data, but obviously they didn't do that.

[CJ]

Alias, on 27 Jun 2011, 14:04, said:

CJ, on 27 Jun 2011, 22:43, said:

"Therefore, while we strive to use commercially reasonable means to protect your personal information"
Well then, to keep it in the same theme as your comparison, I'd say that in this case, the arsonist used a simple lighter to burn down the whole house, because as I already said countless times, an SQL injection is probably the easiest thing to do for any wannabe hacker. The fact that they hacked the BFH servers that way shows that they haven't even tried to protect the info, because securing a website against SQLi is not that hard, not is it costly.

Even the smallest flame can burn down a house, you're proving my point.

If you haven't noticed, Battlefield Heroes is a free game, the FBI affiliate that was hacked was a not-for-profit and PBS which was also hacked is a non-profit organisation. The only major one that deserves your criticism is Sony (and EA, to an extent).

Companies which are not-for-profit pretty much survive off donations, I don't exactly think network security would be high on their list, not to mention I don't see at all how LulzSec comprimising them is at all useful. What do you get out of hacking a not-for-profit?

Excuse me, how is the Arizona Police a non-profit organization? Yet they got hacked too... And an FBI affiliate should be aware that it's going to be targeted by hackers, and since it contained sensitive data about the FBI itself, you'd think the FBI would offer to protect that info itself. Also, Battlefield Heroes is not as free as you think, it's Free 2 Play with an item shop, EA probably made more money from its item shop than what they did from selling BC2...

Alias, on 27 Jun 2011, 14:04, said:

CJ, on 27 Jun 2011, 22:43, said:

If it weren't for Anonymous, people wouldn't have known that half the developed countries fully supported Ben Ali and other dictators...

Perhaps in Tunisia, but over here it has been long known (as in, before the internet) that America has propped up and supported dictators for many decades now.

I used Tunisia as an example, but it applies to all Arabic countries, and people didn't know about most of them. And it's not only America supporting those dictators, European countries did too, and I wouldn't be surprised if Australia was involved as well...

Alias, on 27 Jun 2011, 14:04, said:

CJ, on 27 Jun 2011, 22:43, said:

If someone does something useful for me, I won't complain about it, whether he did that on purpose or not, for his own good or not.

How exactly is somebody else's personal information useful to you?

I was talking about their support to the revolution, even if they did it for themselves, which is what RaiDK said, it still was useful and anonymous earned the respect of many people with that.

[Golan]

CJ, on 27 Jun 2011, 13:19, said:

Alias, on 27 Jun 2011, 14:04, said:

CJ, on 27 Jun 2011, 22:43, said:

If someone does something useful for me, I won't complain about it, whether he did that on purpose or not, for his own good or not.

How exactly is somebody else's personal information useful to you?

I was talking about their support to the revolution, even if they did it for themselves, which is what RaiDK said, it still was useful and anonymous earned the respect of many people with that.

I really don't understand this feeling. You of all people should know that someone "doing it for themselves" and helping you as a side effect is not a reason to trust them, but to worry about what happens if their goals and yours do not match. Many a dictator has gone through phases of appealing to the masses purely to advance their own goals and brutally changed when said goals didn't match with such a behavior anymore.

[CJ]

Golan, on 27 Jun 2011, 14:31, said:

CJ, on 27 Jun 2011, 13:19, said:

Alias, on 27 Jun 2011, 14:04, said:

CJ, on 27 Jun 2011, 22:43, said:

If someone does something useful for me, I won't complain about it, whether he did that on purpose or not, for his own good or not.

How exactly is somebody else's personal information useful to you?

I was talking about their support to the revolution, even if they did it for themselves, which is what RaiDK said, it still was useful and anonymous earned the respect of many people with that.

I really don't understand this feeling. You of all people should know that someone "doing it for themselves" and helping you as a side effect is not a reason to trust them, but to worry about what happens if their goals and yours do not match. Many a dictator has gone through phases of appealing to the masses purely to advance their own goals and brutally changed when said goals didn't match with such a behavior anymore.

I didn't say that I trusted them, only that they earned the respect of many people (including me). And to be fairly honest, I don't see how a non-organized and leaderless group such as Anonymous could ever have goals which would differ from mine, unless I do become a dictator myself