Profile of a Hacker: The Real Sabu, Part 1 of 2
The LulzSec attack of Sony Pictures is an illustrative example. Sony Pictures was running several prize giveaways as part of a marketing campaign. LulzSec used a basic SQL injection1 to breach the SonyPictures.com database and grabbed the usernames, passwords, and personal profiles of over one million registered users. They then dumped the data to Pastebin. LulzSec’s justification at the time was that Sony Pictures’ security was “… disgraceful and insecure: they were asking for it.” But the justification seemed little more than braggadocio to the community. When someone asked LulzSec why they would compromise the credentials of so many innocent television watchers, they replied “we do it for lulz” (the laughs).
Well, LulzSec wasn’t going to keep laughing for long.
By that time, Sabu had achieved an almost messianic following among Anonymous, and his twitter account, @anonymouSabu, had hundreds of thousands of followers. He was number one on the FBI’s most wanted cybercriminal list.
If that weren’t enough heat, Sabu had also attracted the attention of the complete polar opposite of his time: the famous pro-U.S., ex-Special Ops service member and hacker known as The Jester. The Jester, too, was known for distributed denial-of-service attacks and had been spending months attacking Jihadist websites in order to drive their users into more centralized, resilient networks where they could be monitored by the various agencies that track terrorist activity. The Jester had become notorious (or celebrated) enough that the SANS Institute devoted a whole white paper to him: The Jester Dynamic: A Lesson in Asymmetric Unmanaged Cyber Warfare.2
An epic clash brewed between Sabu and The Jester.
As an ex-military operative, The Jester loathed Sabu. The two stood at opposite sides on nearly any given topic: WikiLeaks, Anonymous, the Occupy movement, the forum 4chan, the CIA, and the Palestinian/Israeli conflict, to name just a few. One notable exception was the Westboro Baptist Church (WBC), which is known for conducting anti-gay protests at military funerals. Only about this group, both Sabu and the Jester agreed; and they both attacked the WBC repeatedly.
During the first half of 2011, Sabu and The Jester tried repeatedly to uncover each other’s identity. An alleged member of LulzSec, Nakomis, even went so far as to impersonate The Jester himself on Twitter. The Jester countered by impersonating a reporter in order to gain the trust of the fake Jester, and trick Nakomis into revealing his personal details.3
The conflict between Sabu and the Jester reached a fever pitch at the DEF CON 19, the nineteenth annual security convention in Las Vegas. Both hackers claimed to be in attendance along with the 20,000 other hackers, researchers, and undercover FBI agents. The Jester taunted Sabu to come out and meet him face-to-face.4 Sabu replied that of course he would not; The Jester was suspected to be in collusion with, or at least sanctioned by, the U.S. government. Sabu protested that if he were to expose his own identity, even privately, to The Jester, he would be immediately pounced upon by the authorities.
Source link
lol
The LulzSec attack of Sony Pictures is an illustrative example. Sony Pictures was running several prize giveaways as part of a marketing campaign. LulzSec used a basic SQL injection1 to breach the SonyPictures.com database and grabbed the usernames, passwords, and personal profiles of over one million registered users. They then dumped the data to Pastebin.…