Saturday, August 13, 2011

How I Out-Hacked a LulzSec Member

A couple of days ago, I saw a tweet from @lolspoon which exposed another twitter user's real name and phone number, to aid people in harrassing that person. I did not know who @lolspoon was, but I immediately reported this to Twitter as a violation of the Terms of Service, as explained here:


https://support.twitter.com/groups/33-report-a-violation/topics/166-safety-center/articles/15794-safety-abusive-users


I also sent out a tweet asking other people to report @lolspoon.
I got a lot of angry responses on Twitter, more than I expected. And yesterday, Twitter took down the @lolspoon account.


The angry attacks on me increased, claiming that I was a "snitch" and that they needed to react to the injury done to "Kayla". So I checked, and apparently @lolspoon is, in fact, one of the core LulzSec members, as listed here:


http://pastebin.com/FSgLga0d


I claim victory in a duel of hackers:


1. By violating the Terms of Service, @lolspoon created a security vulnerability in her Twitter account.


2. I used a Privilege Escalation Exploit on that vulnerability, through the mechanism of a trouble ticket, and pwned her.


Therefore I have won by code duello, and no one is justified in protesting it.


Furthermore, I maintain that all criminal hackers are lacking in "skilz", because they have also exposed themselves to similar privilege escalation attacks through poor security practices, The law is a system like any other and failing to respect it is poor security and sloppy hacking.


Therefore, if you want to be 1337, you should obey the law.

15 comments:

  1. Or break it better.

    ReplyDelete
  2. I'm not advocating breaking the law, by the way. I'm pointing out that your argument doesn't imply that one ought to obey the law, but that one ought either to do so, or to break it with more expertise.

    ReplyDelete
  3. You must feel like a big man. Sam Bowne = Internet Tough Guy.

    ReplyDelete
  4. You done good, Boss.

    ReplyDelete
  5. You should do a sitcom... i can't stop laughing

    ReplyDelete
  6. I wonder why a bunch of adolescents look up to a middle aged man pretending to be a girl? Don't they realize rhat he is sick and taking them with him? Very sad. His closest friends must be a sight to behold. Good job.

    ReplyDelete
  7. There are times to break the law. Martin Luther King and Gandhi did it in an effective way. But i is very rarely the best way to achieve a beneficial result, because you promote crime.

    ReplyDelete
  8. Sam Bowne is the 1337357!!!1!1!!!

    I hope criminal hackers take this post to heart, some may not realize the security vulns they're opening themselves up to can take decades to resolve!

    ReplyDelete
  9. This is the reason that non-hackers, like myself, despise groups like Anonymous and LulzSec. While we're out trying to earn a living and protect our families these delinquents and their older mentors are making life miserable for people. Putting someone's personal information out and then encouraging others to harass them is hypocritical to say the least and schoolyard bully behavior at its worst. Wait till you sit in jail and find out how the pros work you boyos.
    Then...not so funny.

    ReplyDelete
  10. You have double standards - Kayla posted 'said person's info' because that said person was also posting people's info!! I hope everyone ends up in jail - you too!!

    ReplyDelete
  11. As a result of this, a hacker called Abhaxas declared that he would target me. He wrote a script and posted LULZ thousands of times on my "Student Comments" page. It took ten minutes to fix. So far that's all the revenge Anonymous has taken on me.

    ReplyDelete
  12. lol the account is now back.

    ReplyDelete