The story is very simple, LulZSec, the collective of hackers recently hit the Italian Ministry of the Environment, has collected a huge amount of data belonging to 30,000 Roman lawyers. The attack was announced as an important leak of confidential information.
In the last few days, the hacktivists carried out a series of successful attacks, they stole the information of the lawyers registered with the Orders of Matera and Catanzaro. Then the hackers announced big troubles for Virginia Raggi, the Mayor of Rome, but I suspected that the target was the Municipality of Rome. I decided to investigate the activity of the group, and I discovered that the Capitol had already been warned of large leaks in its network infrastructure, and that had taken steps to resolve them. Anyway, I was waiting for the bomb to explode, because both anonymous and LulzSec don’t joke.
And here it is, yesterday, the theft 30,000 emails, personal information and evidence of accesses to PEC accounts (certificated email accounts) were leaked online, Most of the accounts belong to lawyers registered with the Order of Rome that jas Virginia Raggi as one of its members. Anonymous Italian published the links to the stolen data on its blog, the entire archive is stored on Megaupload, a popular sharing platform that I repeatedly accused of being the storage of child pornography contents set up for sale in the Dark Web, but that need fast connections to be downloaded: and this is it the reason why the horrible content is accessible to everyone on the clear web.
I contacted the hackers providing them uncomfortable questions, and they accepted to be interviewed.
1) Let’s start with the motivation behind this operation: do you choose the targets or do you attack those organizations vulnerable to sqlninja and sqlmap scans?
– Hi, and thank you for contacting us.
We have written the reasons for the operation in the shared post on our blog. As mentioned, we want to remember our friends arrested a few years ago, and to make them understand that we at Anonymous (and in this case also LulzSecIta) are legion. There is not a leader in our ranks, but only the desire for Truth and Justice. The objectives as we choose them ask us? If they assign you a theme, what do you write? Sorry if we answer a question with a question !. Lulz
2) Your attacks are not reduced, on the contrary, they are increasing in frequency and size, so the question is where do you want to go?
We believe we have already answered this question in the previous interview. However, it would be enough for us not to have a Ministry of the Interior like the Italian one, and we are also referring to the fact that he called the Digos (General Investigations and Special Operations Division) to defend himself against a girl who reminded him of the words that the Lega (its political party) used years ago to describe people leaving in the south of Italy, or the people who the Minister KILLED with his behavior on those who escape from war and poverty.
3) Your actions according to the regulation of the GDPR not only expose you to a crime, of which we have already spoken and I do not want to return on this topic, but pose a severe risk to data managers who will now necessarily have to be sanctioned. Is this also your goal?
We know that we expose ourselves to a crime, but again: are we the criminals? Or the criminals are those who make the laws and then do not respect them first !?
4) By doing so (showing the vulnerabilities of the administrators), you provide help to the many companies left out of these public contracts, and which can now offer their services to the victims. How would you respond to allegations of a potential conflict of interest relating to a hidden economic interest in your form of hacktivism? Your attacks are damaging some companies and advantaging others.
LOL economic interest? Did you pay anything to interview us? Have you ever heard anyone pay Anonymous for something? We accept certain donations, which are used to keep our services online, but we have never asked and we will never ask for money. On the other hand we could have asked for a ransom for all the published data, change passwords and do something else. But even if we have always been defined as criminals, we have our own ethics, much stronger and more respectful of the companies whose data we publish.
5) Many argue that your actions do not respect the philosophy of hackers because they involve unsuspecting victims of information leaks generated by inattention and inability of data managers and administrators of the platforms. What do you respond to these charges?
What should we answer you. We are not hackers, but hacktivists. Had we been hackers with that data we would have become rich!
6) The personal question that I face every day is certainly the contrast to companies that are much bigger and more difficult to attack, the so-called big fish like Google, Amazon and Facebook. What is your opinion of these multinationals? Are you planning any action in this regard?
Dear Livio, the problem is not the big fishes, but small ones. If all the small fishes get together, they could make everything tremble, on the other hand this happens in nature. But no, everyone is only interested in his country. No need to take actions towards them, take Facebook, it has had more fines in the last year that only half of that money would have probably fed Africa. Another problem is that there is no choice, and you who are from Naples know it well!
7) Another issue is the fight against online child pornography. According to my research, sharing platforms, such as those used to disseminate data, unfortunately also host this kind of illegal content. How can you overcome this problem (it is important to specify that you are not an ally of pedophiles)?
Child pornography is not an easy environment. Some of us have fought and are fighting in that environment too, and believe in it wears you down (PURTROPPO LO SO ALSO I NDR). The only thing we can tell you is to report everything you find to the competent authorities and then let us know the answer. We don’t create the sharing platforms, we only use them, and we are sorry if they host child pornography, but it is not up to us to investigate, although in many cases we have helped to have many people arrested who had access to those crap.
(SecurityAffairs – Anonymous, LulzSec)