Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
No More Jail Time: LulzSec's Sabu Sentenced to Time Served
Newest First  |  Oldest First  |  Threaded View
Bprince
50%
50%
Bprince,
User Rank: Ninja
5/28/2014 | 7:06:43 PM
Short time
Not much of a penalty considering the amount of time he was facing and the activities he was involved in. Granted his cooperation was extensive, but seven months doesn't seem like much.

BP
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
5/28/2014 | 4:56:40 PM
Re: Back online
This is a dangerous precedent. Sabu is a criminal, but it has been judged as an hero.
You can trust who has betrayed his beliefs?
We will heve 100, 1000 other SABU in the incoming months ... but they will not mitigate hacktivism cyber threat for sure.
The only way to face hacktivism is to listen their voice ... you cannot arrest an ideology.
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
5/28/2014 | 3:09:36 PM
Re: Back online
@Whoopty  That's a great point. I wonder if he'll go into witness protection. And I also wonder how good the US marshalls are at the electronic side of witness protection. I mean, if anyone could track down a person who changed their identity, it's a team of criminal hackers.
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
5/28/2014 | 3:07:42 PM
Re: Romancing the Hack
@Kelly  Yeah, that struck me too, as long as you choose to believe that he really did flip as quickly and eagerly as they said he did. Still, if you were facing over 20 years in prison, you'd probably want to do whatever you could to lighten your sentence.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
5/28/2014 | 12:20:49 PM
Re: Back online
Good point, @Whoopty. He may want/need to stay under the radar for a very long time.
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
5/28/2014 | 12:17:56 PM
Back online
I wonder if he'll be taking his first tentative steps back online in the next few days. Considering he's rolled over on so many other hackers, he'll have to watch his digital back for a long time to come. Must be pretty nerve racking. 
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
5/28/2014 | 7:50:38 AM
Re: Romancing the Hack
What was most interesting to me in this case was how quickly Sabu flipped, and also gave up info on other illegal hacks he had done that the the FBI didn't even know about. 
RetiredUser
100%
0%
RetiredUser,
User Rank: Ninja
5/27/2014 | 10:36:12 PM
Romancing the Hack
While the idea of renegade teams of cyber-warriors may sound appealing, ultimately the classic and safest hackers run solo and silent.  Say what you will about the actual skill-set of LulzSec, their real Achilles heel was the group itself.  With that many official, semi-official and wannabe members, there was bound to be poorly thought-out activities, arrests and sell-outs.

I think more of these bright young minds would be happier on the "white" side of the hack, rather than out there romancing it, when they realize prison, paranoia and the persistence of agencies like the CIA and FBI will no longer be part of their future.  Being in love with tech and with the hack doesn't mean you can't also be in love with your fellow human.  Let's see some more good being done out there; hack a solution to global sex trafficking or famine.


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3493
PUBLISHED: 2021-04-17
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivile...
CVE-2021-3492
PUBLISHED: 2021-04-17
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (ker...
CVE-2020-2509
PUBLISHED: 2021-04-17
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later Q...
CVE-2020-36195
PUBLISHED: 2021-04-17
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia C...
CVE-2021-29445
PUBLISHED: 2021-04-16
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...