LulzSec


LulzSec is a grey hat computer hacking group that claimed responsibility for several high-profile attacks, including the compromise of user accounts from PlayStation Network in 2011. The group also claimed responsibility for taking the CIA website offline. Some security professionals have commented that LulzSec has drawn attention to insecure systems and the dangers of password reuse. It has gained attention due to its high-profile targets and the sarcastic messages it has posted in the aftermath of its attacks. One of the founders of LulzSec was computer security specialist Hector Monsegur, who used the online moniker Sabu. He later helped law enforcement track down other members of the organization as part of a plea deal. At least four associates of LulzSec were arrested in March 2012 as part of this investigation. Previously, British authorities had announced the arrests of two teenagers they alleged were LulzSec members, going by the pseudonyms T-flow and Topiary.
At just after midnight on 26 June 2011, LulzSec suddenly released a "50 days of lulz" statement, which they claimed to be their final release, confirming that LulzSec consisted of six members, and that their website was to be shut down. Their final release included accounts and passwords from many different sources. Despite claims of retirement, the group committed another hack against newspapers owned by News Corporation on 18 July, defacing them with false reports regarding the death of Rupert Murdoch. The group had also helped launch Operation AntiSec, a joint effort involving LulzSec, Anonymous, and other hackers.

Former members and associates

LulzSec consisted of seven core members. The online handles of these seven were established through various attempts by other hacking groups to release personal information of group members on the internet, leaked IRC logs published by The Guardian, and through confirmation from the group itself.
  • Sabu – One of the group's founders, Sabu seemed to act as a kind of leader for the group and would often decide what targets to attack next and who could participate in these attacks. He may have been part of the Anonymous group that hacked HBGary. Various attempts to release his real identity have claimed that he is an information technology consultant with the strongest hacking skills of the group and knowledge of the Python programming language. It was thought that Sabu was involved in the media outrage cast of 2010 using the Skype handle "anonymous.sabu". Sabu was arrested in June 2011 and identified as a 29-year-old unemployed man from New York’s Lower East Side. On 15 August, he pleaded guilty to several hacking charges and agreed to cooperate with the FBI. Over the following seven months he successfully unmasked the other members of the group. Sabu was identified by Backtrace Security as Hector Monsegur on 11 March 2011 in a PDF publication named "Namshub."
  • Topiary – Topiary was also a suspected former member of Anonymous, where he used to perform media relations, including hacking the website of the Westboro Baptist Church during a live interview. Topiary ran the LulzSec Twitter account on a daily basis; following the announcement of LulzSec's dissolution, he deleted all the posts on his Twitter page, except for one, which stated: "You cannot arrest an idea". Police arrested a man from Shetland, United Kingdom, suspected of being Topiary on 27 July 2011. The man was later identified as Jake Davis and was charged with five counts, including unauthorized access of a computer and conspiracy. He was indicted on conspiracy charges on 6 March 2012.
  • Kayla/KMS – Ryan Ackroyd of London, and another unidentified individual known as "lol" or "Shock.ofgod" in LulzSec chat logs. Kayla owned a botnet used by the group in their distributed denial-of-service attacks. The botnet is reported to have consisted of about 800,000 infected computer servers. Kayla was involved in several high-profile attacks under the group "gn0sis". Kayla also may have participated in the Anonymous operation against HBGary. Kayla reportedly wiretapped 2 CIA agents in an anonymous operation. Kayla was also involved in the 2010 media outrage under the Skype handle "Pastorhoudaille". Kayla is suspected of having been something of a deputy to Sabu and to have found the vulnerabilities that allowed LulzSec access to the United States Senate systems. One of the men behind the handle Kayla was identified as Ryan Ackroyd of London, arrested, and indicted on conspiracy charges on 6 March 2012.
  • Tflow – The fourth founding member of the group identified in chat logs. Attempts to identify him have labelled him a PHP coder, web developer, and performer of scams on PayPal. The group placed him in charge of maintenance and security of the group's website lulzsecurity.com. London Metropolitan Police announced the arrest of a 16-year-old hacker going by the handle Tflow on 19 July 2011.
  • Avunit – He is one of the core seven members of the group, but not a founding member. He left the group after their self-labelled "Fuck the FBI Friday". He was also affiliated with Anonymous AnonOps HQ. Avunit is the only one of the core seven members who has not been identified.
  • Pwnsauce – Pwnsauce joined the group around the same time as Avunit and became one of its core members. He was identified as Darren Martyn of Ireland and was indicted on conspiracy charges on 6 March 2012. The Irish national worked as a local chapter leader for the Open Web Application Security Project, resigning one week before his arrest.
  • Palladium – Identified as Donncha O'Cearbhaill of Ireland, he was indicted on conspiracy on 6 March 2012.
  • Anarchaos – Identified as Jeremy Hammond of Chicago, he was arrested on access device fraud and hacking charges. He was also charged with a hacking attack on the U.S. security company Stratfor in December 2011. He is said to be a member of Anonymous.
  • Ryan Cleary – Sometimes used the handle ViraL. Cleary faced a sentence of 32 months in relation to attacks against the US Air Force and others.

Motivations

LulzSec did not appear to hack for financial profit, claiming their main motivation was to have fun by causing mayhem. They did things "for the lulz" and focused on the possible comedic and entertainment value of attacking targets. The group occasionally claimed a political message.
When they hacked PBS, they stated they did so in retaliation for what they perceived as unfair treatment of WikiLeaks in a Frontline documentary entitled WikiSecrets. A page they inserted on the PBS website included the title "FREE BRADLEY MANNING. FUCK FRONTLINE!" The 20 June announcement of "Operation Anti-Security" contained justification for attacks on government targets, citing supposed government efforts to "dominate and control our Internet ocean" and accusing them of corruption and breaching privacy. The news media most often described them as grey hat hackers.
In June 2011, the group released a manifesto outlining why they performed hacks and website takedowns, reiterating that "we do things just because we find it entertaining" and that watching the results can be "priceless". They also claimed to be drawing attention to computer security flaws and holes. They contended that many other hackers exploit and steal user information without releasing the names publicly or telling people they may possibly have been hacked. LulzSec said that by releasing lists of hacked usernames or informing the public of vulnerable websites, it gave users the opportunity to change names and passwords elsewhere that might otherwise have been exploited, and businesses would be alarmed and would upgrade their security. They denied responsibility for misuse of any of the data they breached and released. Instead, they placed the blame on users who reused passwords on multiple websites and on companies with inadequate security in place.
The group's later attacks had a more political tone. They claimed to want to expose the "racist and corrupt nature" of the military and law enforcement. They also expressed opposition to the war on drugs. LulzSec's Operation Anti-Security was characterized as a protest against government censorship and monitoring of the internet. In a question and answer session with BBC Newsnight, LulzSec member Whirlpool said, "Politically motivated ethical hacking is more fulfilling". He named the loosening of copyright laws and the rollback of what he sees as corrupt racial profiling practices as some of the group's goals.

History

A federal indictment against members contends that, prior to forming the hacking collective known as LulzSec, the six members were all part of another collective called Internet Feds, a group in rivalry with Anonymous. Under this name, the group attacked websites belonging to Fine Gael, HBGary, and Fox Broadcasting Company. This includes the alleged incident in which e-mail messages were stolen from HBGary accounts. In May 2011, following the publicity surrounding the HBGary hacks, six members of Internet Feds founded the group LulzSec.
The group's first recorded attack was against Fox.com's website, though they still may have been using the name Internet Feds at the time. It claimed responsibility for leaking information, including passwords, altering several employees' LinkedIn profiles, and leaking a database of X Factor contestants containing contact information of 73,000 contestants. They claimed to do so because the rapper Common had been referred to as "vile" on air.
LulzSec drew its name from the neologism "lulz", "laughing out loud", which represents laughter, and "Sec", short for "Security". The Wall Street Journal characterized its attacks as closer to Internet pranks than serious cyber-warfare, while the group itself claimed to possess the capability of stronger attacks. It gained attention in part due to its brazen claims of responsibility and lighthearted taunting of corporations that were hacked. It frequently referred to Internet memes when defacing websites. The group emerged in May 2011 and successfully attacked websites of several major corporations. It specialized in finding websites with poor security, then stealing information from them and posting it online. It used well-known, straightforward methods, such as SQL injection, to attack its target websites. Several media sources have described their tactics as grey hat hacking. Members of the group may have been involved in a previous attack against the security firm HBGary.
The group used the motto "Laughing at your security since 2011!" and its website, created in June 2011, played the theme from The Love Boat. It announced its exploits via Twitter and its own website, often accompanied by lighthearted ASCII art drawings of boats. Its website also included a bitcoin donation link to help fund its activities. Ian Paul of PC World wrote that, "As its name suggests, LulzSec claims to be interested in mocking and embarrassing companies by exposing security flaws rather than stealing data for criminal purposes." The group was also critical of white hat hackers, claiming that many of them have been corrupted by their employers.
Some in the security community contended that the group raised awareness of the widespread lack of effective security against hackers. They were credited with inspiring LulzRaft, a group implicated in several high-profile website hacks in Canada.
In June 2011 the group took suggestions for sites to hit with denial-of-service attacks. The group redirected telephone numbers to different customer support lines, including the line for World of Warcraft, magnets.com, and the FBI Detroit office. The group claimed this sent five to 20 calls per second to these sources, overwhelming their support officers. On 24 June 2011, The Guardian released leaked logs of one of the group's IRC chats, revealing that the core group was a small group of hackers with a leader, Sabu, who exercised large control over the group's activities. It also revealed that the group had connections with Anonymous, though it was not formally affiliated with it. Some LulzSec members had once been prominent Anonymous members, including member Topiary.
At just after midnight on 26 June 2011, LulzSec released a "50 days of lulz" statement, which they claimed to be their final release, confirming that LulzSec consisted of six members, and that their website was to be taken down. The group claimed that they had planned to be active for only fifty days from the beginning. "We're not quitting because we're afraid of law enforcement. The press are getting bored of us, and we're getting bored of us," a group member said in an interview to the Associated Press. Members of the group were reported to have joined with Anonymous members to continue the AntiSec operation. However, despite claiming to retire, the group remained in communication as it attacked the websites of British newspapers The Times and The Sun on 18 July, leaving a false story on the death of owner Rupert Murdoch.