LulzSec DDoS Magnets.com -- [update] and now the CIA

In news that is a surprise to absolutely no one, LulzSec have once again gone about their antics, this time bringing down Magnets.com using a distributed denial of service attack.

What is a little different to previous attacks, is the aftermath, as LulzSec then switched their attack to the company’s phone support lines. The tweet by LulzSec said “magnets.com representative just confirmed 200+ calls a minute to their customer support. Who's next for phone forwarding? >:] Hmm...”

The group did provide some explanation as to why they attacked the website in a tweet which noted that they [LulzSec] called magnets.com and that they wouldn’t tell them how magnets worked. Soon after, they posted yet another tweet except this time their phone number which was a redirect to magnets customer service line. “You can create insane lulz by calling these numbers, wanna join in the phone DDoS?”

It was claimed that 5-20 people ring the LulzSec number every second and while LulzSec have the ability to redirect that to anywhere in the world, it still remains to be seen if it’ll ever be used for something besides a phone DDoS. It appears they have called Anonymous out too, when they later told Anonymous via Twitter that their LOIC hive ‘is no match for our phone redirect hive. A certain hosting company just got 1000+ calls.”

Yesterday, the group went on a DDoS rampage as they took down Minecraft, Escapist magazine and EVE online, who were just a few of the victims. 

[Update] It appears that the group have now taken on their biggest challenge - the CIA and have suceeded in taking down the official website: CIA.gov. The reason why was at first unknown, however speculation suggests that it was down to a twitterer by the name of Quadrapodacone who made it be known that he was unimpressed at LulzSec's actions because of the fact they took down "small-fry" targets. It's possible this course of action could have been a response to his tweet, however nothing is confirmed. 

Report a problem with article
Previous Story

HP ignites speculation with trademarks for new TouchPad; WebOS Pivot

Next Story

HTC changes its mind about bringing Gingerbread to the Desire

118 Comments

Commenting is disabled on this article.

Well the moment they attack any Federal agencies, they are listed as terriosts. Good luck when they get caught ...

MDboyz said,
Well the moment they attack any Federal agencies, they are listed as terriosts. Good luck when they get caught ...

The moment they attacked any corporate business then they are tagged as "fire at sight".

who cares what they do.. as long as they dont hurt one's business.. if i had one, and they hurt it... id throw them in Guantanamo Bay

allwynd said,
who cares what they do.. as long as they dont hurt one's business.. if i had one, and they hurt it... id throw them in Guantanamo Bay

safe your information.
keep backup

and that's it. It is not so hard to do that.

They're ruining the free internet for all of us. It's sad... I think governments are happy now, this will lead to new internet laws, internet ID's and everything soon, good bye torrentz, appz and everything that breaks the law.

owziee said,
They're ruining the free internet for all of us. It's sad... I think governments are happy now, this will lead to new internet laws, internet ID's and everything soon, good bye torrentz, appz and everything that breaks the law.

Your probably right. Through the stupidity of these groups doing this BS.

owziee said,
They're ruining the free internet for all of us. It's sad... I think governments are happy now, this will lead to new internet laws, internet ID's and everything soon, good bye torrentz, appz and everything that breaks the law.

While we lost a lot of freedoms due to a ham-handed and unimaginative response to terrorism, it's also unimaginative to blame the terrorists for the ham-handed response. We could have done more effective things if we didn't allow ourselves to be led by the those seeking the illusion of safety.

So if the people and the leaders they choose employ stupid, unimaginative, ineffective, draconian methods to respond to Internet nuisances, don't blame the nuisance - blame the idiotic response.

To Lul and Anon.. just give up ok.. your only contributing to the Chaos .. and if you keep this up we wil need to log into with some freaking ID just to Google orgasm sheeeesh

I think there is a massive lack of understanding as to just what the "LulzSec" team has actually done here.

You are entirely right, DDoS is easy when you have a big group of willing douche bags (i.e. Anonymous). In this case the team didn't get a bunch of people to do it, instead they rooted 4Chan and installed an exploit. The result of this exploit was that each browser that visited and met certain requirements self executed another set of code.

Instant "Anonymous powered" bot net. Quite an achievement over all.

The best part of it is that the Anonymous 4Channers are all bitching out the LulzSec team, and it would appear that they are supporting (if completely obliviously) the LulzSec bot net.

Lastly, it's not just DDoS'ing. 0Day exploits require some form of skill to execute on a serious scale. Either way, it's going to end badly, but it's fun to watch in the mean time >.<

First time I have ever seriously used Twitter to boot

c'mon what a joke is that ? AFAIK the CIA website is not that know, so sure they don't have enough servers to handle large amounts of traffic, and if they have any "moderate" botnet sure they can take it down.

Its not like they "hacked" the CIA and got top secret infos, its not a a real "challenge" at all.

I'm kinda impressed they took CIA down. If you do operations this big you must have a really good way of cleaning your footprints. Wonder if they will get away with it

I guess it's got its bad and good sides, actions like these...

jporter said,
I'm kinda impressed they took CIA down. If you do operations this big you must have a really good way of cleaning your footprints. Wonder if they will get away with it

I guess it's got its bad and good sides, actions like these...

They didn't take the CIA down. CIA.gov doesn't really affect anything in the CIA.

ok it was ok reading about these nabs for a few posts but this is getting boring so Neowin can you do less posts about them please

When are these idiots going to stop. Whilst I don't condone the work "Anonymous" have carried out, at least they have outlined a set of principles (however misguided they are considered to be by some) that explains their stance and subsequent attacks. These f**kin' idiots are just randomly "playing" on the Web....it's going to cause some serious pain to many, and also I believe, change the face of the Net forever as legislation comes in that the ISPs can no longer stave off.

I'd be more impressed if they took on the NSA and took them down

@ war-dog and you think they don't do that already between the CIA, FBI and NSA they already now what your going to tweet before you've typed it

FMH said,
Are they good enough to take down websites like Google.com or Facebook.com .

They can't take down Facebook. The world would end... for some

Tpiom said,

They can't take down Facebook. The world would end... for some

You could always tweet and some people still have spaces.

When will Cyber Command get involved? If the back story for Terminator was to be rebooted this would be an awesome starting point.

etempest said,
I almost wonder if Lulz is done by a government for the purpose to justify a bunch of new laws.

+1 I think you hit the nail on the head.

The best is they are just DDoSing so they are just using a crappy botnet to flood the server. They are not doing anything "remarkable" or even anything remotely considered "hacking." They are script kiddies who think they are above everyone else.

I really hope these guys get their time behind bars. I am sick of hearing about them.

Attacking Magnets.com? What a joke these morons are. Its truly sad how pathetic they are.

And they have caught quite a few members of the Anonymous group, so its not like they can't be located. At least the Anonymous group didn't run this BS attacking random sites for no reason, or for laughs.

He has no problem posting thousands of peoples login and passwords for sites, yet he hides behind his little computer not revealing himself.

True hackers in the past hacked programs, and didn't go around stealing peoples logins and posting them for everyone to see, or taking down gaming servers for no reason.

Websites? Thats small fry stuff. If they managed to do some damage inside corporate or government internal networks, then that would be impressive.

Yoofie said,
Websites? Thats small fry stuff. If they managed to do some damage inside corporate or government internal networks, then that would be impressive.

Indeed it would.

if you are going to DDoS something you are not showing they are vulnerable, but you are showing that you can flood a server... which no mater what you can do... doesn't take much to do something so freaking easy, they arn't even hackers, they are losers who figured out how to run some simple apps and scripts

CIA website still up fail at LulzSec this pedos need to get a real job sad **** really.


If you want to take down something take down FCC **** CENSORSHIP!

(Reuters) - The public website of the Central Intelligence Agency went down on Wednesday evening as the hacker group Lulz Security said it had launched an attack.

Lulz Security has claimed responsibility for recent attacks on the Senate, Sony Corp, News Corp and the Public Broadcasting System television network.

The CIA site initially could not be accessed from New York to San Francisco, and Bangalore to London. Later in the evening service was sporadic.

"We are looking into these reports," a CIA spokeswoman said.

Lulz Security has defaced websites, posted personal information about customers and site administrators, and disclosed the network configurations of some sites.

Security analysts have downplayed the significance of these attacks, saying the hackers are just looking to show off and get as much attention as possible.

In the case of the CIA attack, hackers would not be able to access sensitive data by breaking into the agency's public website, said Jeffrey Carr, author of the book Inside Cyber Warfare: Mapping the Cyber Underworld.

"All they're doing is saying 'Look how good we are,'" Carr said. "These guys are literally in it for embarrassment, to say 'your security is crap.'"

Lulz only made claims that it attacked http://www.cia.gov, and there was no evidence on Wednesday evening that sensitive data in the agency's internal computer network had been compromised.

There also were no apparent links to more serious network security breaches recently at the International Monetary Fund and Lockheed Martin Corp. Lulz Security has not been linked to those incidents.

Lulz, whose members are strewn across the globe, announced the attack shortly before 6 p.m. East Coast time.

"Tango down," the group Tweeted, pointing to http://www.cia.gov.

Although the group, also known as Lulz Boat, fashions itself more as pranksters and activists than people with sinister intent, its members have been accused of breaking the law and are wanted by the FBI and other law enforcement agencies.

Lulz broke into a public website of the U.S. Senate over the weekend and released data stolen from the legislative body's computer servers.

In May, the group posted a fake story on the PBS website saying that rapper Tupac Shakur was still alive and living in New Zealand. Shakur was murdered in 1996.

(Reporting by Jim Finkle, Phil Stewart and Marius Bosch; Editing by David Lawder)

Part of me wants them to get caught to protect our internet freedom but at the same time I kinda want things to really kick off between them which makes me kinda sad.

I wish neowin would stop posting this new. I am waiting for the film and I don't think it's right to put spoilers on the front page.

Lamp0 said,
I wish neowin would stop posting this new. I am waiting for the film and I don't think it's right to put spoilers on the front page.

idd

attack the cia..lmao....smart move there gents....think waterboarding and full cavity searches are bad..just wait till the suits come knocking at your door

+1 DootDootMan

a lot of you don't realize ddosing a basic say apache webserver is one thing but ddosing the cia lol ? im sure they have more than ab normal load balancing equipment & a redundant cluster setup which fails ovb ?

DLow said,
+1 DootDootMan

a lot of you don't realize ddosing a basic say apache webserver is one thing but ddosing the cia lol ? im sure they have more than ab normal load balancing equipment & a redundant cluster setup which fails ovb ?

Probably not for their public website.

DLow said,
+1 DootDootMan

a lot of you don't realize ddosing a basic say apache webserver is one thing but ddosing the cia lol ? im sure they have more than ab normal load balancing equipment & a redundant cluster setup which fails ovb ?

If the CIA is spending that much money on a website that normally gets a few hundred hits a day at max? >> << I'd have an issue with their funding.

I am sort of enjoying this. While some collateral damage may be done (sony users, etc), I think this is required to get system admins, and management, to wake up and start protecting their stuff. How many stories within the last 2-3 years have you seen where credit card/email numbers had been stolen from some database? had lulzsec done this years ago, maybe those wouldn't have happened?

While it aint cool, and if they ever get caught it will mean some serious jail time, I think this is required to bring about change in the mindset that some people have that their servers are secure.

They're offering fun and certainly are pro! Love 'em!

Humiliating American targets is always fun! No human beings were harmed during the show! In contrary to American way of fun, like Japan's earthquake.

Deo Domuique said,
They're offering fun and certainly are pro! Love 'em!

Humiliating American targets is always fun! No human beings were harmed during the show! In contrary to American way of fun, like Japan's earthquake.


How are these guys "PRO" they are using basic DDoS attacks.. Hell any 11 year old could do that ****.

Deo Domuique said,
They're offering fun and certainly are pro! Love 'em!

Humiliating American targets is always fun! No human beings were harmed during the show! In contrary to American way of fun, like Japan's earthquake.


So why are you even here, on an American website. Posting your anti-American crap.

If your going to ddos somthing ddos google

and toorop no it is still down


-----
Address lookup
canonical name cia.gov.
aliases
addresses 198.81.129.125
Service scan
FTP - 21 Error: TimedOut
SMTP - 25 Error: TimedOut
HTTP - 80 Error: TimedOut
POP3 - 110 Error: TimedOut
IMAP - 143 Error: TimedOut

-- end --

Toorop said,
CIA is back online, ha wow lulz sec is garbage.

Orly?
Those are just teenagers with inattention dude, I wouldn't worry about it..

I wouldn't mind these attacks so much if they only attacked the sites etc to reveal flaws in security however when they start stealing personal information and potentially selling that information especially those belonging to customers then they've gone way out of line.

Munroe said,
I wouldn't mind these attacks so much if they only attacked the sites etc to reveal flaws in security however when they start stealing personal information and potentially selling that information especially those belonging to customers then they've gone way out of line.

This might get governments to take internet security seriously though... But, I have a feeling they are going to make some ridiculous laws because of this

EDIT: Cia.gov seems to be back online again... Sort of... It's really slow.

xiralos said,
LulzSec just posted on twitter they are DDoS the CIA website!

Now I'm almost 100% certain that they are not American citizens

Viper550 said,
F***ing magnets, eh, how do they work?

I think that's the joke here btw, some line from an Insane Clown Posse song.

I'm surprised so few people know about it. What ever happened to smart people on Neowin

I am starting to think this isn't some group of internet 'nerd' thinking they are cool.

When you start to see the areas that have been hit lately, and the way they have moved from infrastructure to infrastructure and up the game to visibly higher and higher targets, you start to see they may have a very detailed plan and have a nice set of milestones on what's being hit and when.

Random, unfunded and for kicks? I think not.

Skin said,
I am starting to think this isn't some group of internet 'nerd' thinking they are cool.

When you start to see the areas that have been hit lately, and the way they have moved from infrastructure to infrastructure and up the game to visibly higher and higher targets, you start to see they may have a very detailed plan and have a nice set of milestones on what's being hit and when.

Random, unfunded and for kicks? I think not.

Do you buy your tinfoil hats premade or do you roll your own?

Skin said,
I am starting to think this isn't some group of internet 'nerd' thinking they are cool.

When you start to see the areas that have been hit lately, and the way they have moved from infrastructure to infrastructure and up the game to visibly higher and higher targets, you start to see they may have a very detailed plan and have a nice set of milestones on what's being hit and when.

Random, unfunded and for kicks? I think not.


They hacked the PBS website. Seriously, why would you hack the PBS website?

They are just immature little kids targeting random sites.

I can imagen the supervisors calling people on their day off to help bring down the customer support line. then told everyone they cant take breaks, then telling people the slacking is over.

Stewart Gilligan Griffin said,
magnets.com ? seriously? this has hit a new low

Seriously. And a DDoS attack? Not impressed. They could bring down my website easily with a DDoS attack, and that has nothing to do with security.

Sad, pathetic, little losers (skiddies)...

LulzSec - Losers United Lacking Zyprexa - Sadly Erectile Challenged

Get a job, move out of mommy's basement and contribute something useful to society. If the only way you can feel good about yourself (or have a LULZ) is to tear down something that someone else has built then you have serious issues. The good news is... they make medication for that. Try some!!!


LulzSecSuksBigOnes said,
Sad, pathetic, little losers (skiddies)...

LulzSec - Losers United Lacking Zyprexa - Sadly Erectile Challenged

Get a job, move out of mommy's basement and contribute something useful to society. If the only way you can feel good about yourself (or have a LULZ) is to tear down something that someone else has built then you have serious issues. The good news is... they make medication for that. Try some!!!


oww you are so done

LulzSecSuksBigOnes said,
Sad, pathetic, little losers (skiddies)...

LulzSec - Losers United Lacking Zyprexa - Sadly Erectile Challenged

Get a job, move out of mommy's basement and contribute something useful to society. If the only way you can feel good about yourself (or have a LULZ) is to tear down something that someone else has built then you have serious issues. The good news is... they make medication for that. Try some!!!


Says the person who made an account with a name like that. Seems like so far they are Winning.

They are taking security companies to school as someone mentioned its not just DDoS attacks that they are doing.

Well they kind of deserve it. I mean, obviously phone networks need better security and it's just what they deserve for having phone lines accessible to the public.

Children, and very sad ones too ........
How about emptying the bank accounts of various NoDogooders in this world then distributing the proceeds. Or at least something in that vein...

BavonWW said,
Children, and very sad ones too ........
How about emptying the bank accounts of various NoDogooders in this world then distributing the proceeds. Or at least something in that vein...

Because they can't. It's just a bunch of DDoS weaksauce. I know they're being called 'hackers' but they're really not. It takes zero 'hacking' to run a DDoS script from a shell. Really, zero. Also, it's always interesting when the real 'hax0rs' get started every year just about the time schools are getting out. /yuh-awn

BavonWW said,
Children, and very sad ones too ........
How about emptying the bank accounts of various NoDogooders in this world then distributing the proceeds. Or at least something in that vein...

erm, to do that to nodogoders wouldnt be very clever as when they found you it wouldn't be worth thinking about

Olemus said,
Most of it is DDOS but they have actually "hacked" and retrieved customer/admin info from many companies as well.

apache 0day, here's how it works: encode shell command using the script which then sends it to the server, it runs on the server and executes the command, seeing as most people know dick about security, apache will be running as root, in which case they've just cat'd /etc/shadow, if they're smart enough to run it as another user that only has access to the site's directory then all they need to do is cat the config file of the software using the database.
Now they've got all the details from the server, do a wget for phpmyadmin or phpmsadmin or an oracle equilivent, extract it, and visit the URL, put in the database info and behold, they've just got all the info from the database.

n_K said,

apache 0day, here's how it works: encode shell command using the script which then sends it to the server, it runs on the server and executes the command, seeing as most people know dick about security, apache will be running as root, in which case they've just cat'd /etc/shadow, if they're smart enough to run it as another user that only has access to the site's directory then all they need to do is cat the config file of the software using the database.
Now they've got all the details from the server, do a wget for phpmyadmin or phpmsadmin or an oracle equilivent, extract it, and visit the URL, put in the database info and behold, they've just got all the info from the database.

Yes but that wasn't my point. I don't agree with what they're doing I was just pointing out it isn't just DDOS

BavonWW said,
Children, and very sad ones too ........
How about emptying the bank accounts of various NoDogooders in this world then distributing the proceeds. Or at least something in that vein...

You call them sad children, but your idea of addressing social ill is premised on stealing. How mature!

perhaps if the bulk of mainstream news sites STOPS posting about every single attack they'll stop getting their jollies about seeing their names and go away.

take their 15 minutes of fame away.

lothodon said,
perhaps if the bulk of mainstream news sites STOPS posting about every single attack they'll stop getting their jollies about seeing their names and go away.

take their 15 minutes of fame away.

With 150000 followers on Twitter it'll take a while for that to happen.

lothodon said,
perhaps if the bulk of mainstream news sites STOPS posting about every single attack they'll stop getting their jollies about seeing their names and go away.

take their 15 minutes of fame away.

Nah, I want them to keep going. I'm hoping that by the time they get caught the charges will be high enough to put them under the prison floor. Or, for more entertainment, they may be caught in a country less civil about it's, er, civil penalties. Caning, anyone?

Might a suggest a LulzSec section, or something. They don't seem to be slowing down and it would be to nice to have all news related to them in one place...

I wouldn't be surprised if FBI, or whoever are hunting them, aren't even close to getting them caught.

And note to self: Don't mess with LulzSec. They seem to be capable of everything!

Tpiom said,
Might a suggest a LulzSec section, or something. They don't seem to be slowing down and it would be to nice to have all news related to them in one place...

I wouldn't be surprised if FBI, or whoever are hunting them, aren't even close to getting them caught.

And note to self: Don't mess with LulzSec. They seem to be capable of everything!

Just use the tags
http://www.neowin.net/news/tags/lulzsec

ObiWanToby said,
They are out of control.

For sure.

While I probably shouldn't say this so people don't get ideas, what's next? Amazon servers? iTunes Store?

ObiWanToby said,
They are out of control.

Until uncle Sam find them and make the arrests. They will not be partying for long.

Unix2 said,

Until uncle Sam find them and make the arrests. They will not be partying for long.
They should hope it is Uncle Sam, the red tape on their trial will keep them comfortable for years. If it is another country they will get dealt with quickly I bet.

PlogCF said,
Wow.
Like them or not, you have to admit that they're excellent at their work. I just hope it's worth all the lulz...

I'll admit nothing. This is utter foolishness.

PlogCF said,
Wow.
Like them or not, you have to admit that they're excellent at their work. I just hope it's worth all the lulz...

Yes, it must require l337 hacker skills to use call forwarding

giantpotato said,

Yes, it must require l337 hacker skills to use call forwarding

Though it is impressive they haven't been caught yet i suppose

ZenVenT said,

Though it is impressive they haven't been caught yet i suppose

I wouldn't go that far. I'm sure they are under investigation, they don't just arrest people like these right away. They've signed their warrants though, it will be fun watching these arrogant morons go down.

PlogCF said,
Wow.
Like them or not, you have to admit that they're excellent at their work.

This is not a complicated attack.....

PlogCF said,
Wow.
Like them or not, you have to admit that they're excellent at their work. I just hope it's worth all the lulz...

Work? Hardly.

PlogCF said,
Wow.
Like them or not, you have to admit that they're excellent at their work. I just hope it's worth all the lulz...

DDoS-ing is weak mate.

"We can't break the lock, so we'll just keep kicking the door."