LulzSec: Difference between revisions

Lulz Security (often referred to as LulzSec) is a Grey hat^[1] computer hacker group that claims to be responsible for several high profile attacks, including the theft of over 1,000,000 user accounts from Sony in 2011. They have gained attention due to their high profile targets and the lighthearted messages they have posted in the aftermath of the attacks.

Overview

Lulz Security draws its name from the neologism "Lulz", which often signifies laughter at the victim of a prank. Theorized to be a splinter group of Anonymous^[2], The Wall Street Journal has characterized their attacks as closer to internet pranks rather than serious cyberwarefare. They have gained attention in part due to their brazen claims of responsibility and lighthearted taunting of corporations that have been hacked. They frequently refer to Internet memes when defacing websites. The group first emerged in May 2011, and has successfully attacked the websites of several major corporations.^[3] They specialize in finding websites with poor security, and then stealing information and posting it online. They have used well-known straightforward methods, such as SQL injection, to attack their target websites.^[1]

The group has used the motto "Laughing at your security since 2011" and their website, created in June 2011, plays the theme from The Love Boat.^[3] They announce their exploits via twitter and their own website, oftentimes accompanied with lighthearted ASCII art of boats. This website also includes a Bitcoin donation to help fund them, and they have received over $7000 USD^[4]. Though the amount of members and exact motivation of the group are unknown,^[1] Ian Paul of PC World has written that, "As its name suggests, LulzSec claims to be interested in mocking and embarrassing companies by exposing security flaws rather than stealing data for criminal purposes."^[5] The group has also been critical of White hat hackers, claiming that many of them have been corrupted by their employers.^[3]

The group's first recorded attack was against Fox.com's website. They claimed responsibility for leaking information, including passwords, altering several employees Linkedin profiles, and leaking a database of X Factor contestants containing contact information of 73,000 contestants.^[6][7]

There have been attempts by the FBI to arrest the members of Lulzsec. What appeared to be the private chat logs of Lulzsec were release by an IRC user known as m_nerva, which led to the arrest of Robert Cavanaugh, a teenage male. Lulzsec revealed that this was a recruiting bay for side projects, and that their main channels remain unaffected, and that no one actually involved with Lulzsec has been arrested. Although they found the event humorous, they hacked user m_nerva as revenge on behalf of their "subcrew".^[8][9][10]

Major attacks

PBS

In May 2011 members of Lulz Security hacked into the Public Broadcasting System (PBS) website. They stole user data and posted a fake story on the site which claimed that Tupac Shakur was still alive and living in New Zealand.^[11]

Lulz Security claimed that some of their hacks, including their attack of PBS, were motivated by a desire to defend Wikileaks and Bradley Manning.^[12] A FoxNews report on the group quoted one commentator, Brandon Pike, who claimed that Lulz Security is affiliated with the Anonymous group. Lulz Security claimed that Pike had actually hired them to hack PBS. Pike denied the accusation and claims it was leveled against him because he said Lulz Security was a splinter of the Anonymous group.^[13]

Sony

In June 2011, members of the group claimed responsibility for an attack against Sony and took data that included "names, passwords, e-mail addresses, home addresses and dates of birth for thousands of people".^[14] The group claimed that they used an SQL injection attack,^[15] and were motivated by Sony's legal action against George Hotz for jailbreaking into the PlayStation 3. The group claims they will launch an attack that will be the "beginning of the end" for Sony.^[16] Some of the compromised user information has been used in scams.^[17]

InfraGard

Lulz Security also claims to have hacked InfraGard, a company affiliated with the FBI that does work on botnet detection,^[3] in June 2011. The group leaked some of Infagard's E-mails and a database of users.^[18] The group defaced the website posting the following message, "LET IT FLOW YOU STUPID FBI BATTLESHIPS", and a video. LulzSec has posted the following message regarding the attack,

"It has come to our unfortunate attention that NATO and our good friend Barrack Osama-Llama 24th-century Obama [sic] have recently upped the stakes with regard to hacking. They now treat hacking as an act of war. So, we just hacked an FBI affiliated website (Infragard, specifically the Atlanta chapter) and leaked its user base. We also took complete control over the site and defaced it [...]".^[19]

Nintendo

Lulz Security attempted to hack into Nintendo, but both the group and Nintendo itself report that no particularly valuable information was found by the hackers.^[20] LulzSec claims that it does not mean to harm Nintendo: "We’re not targeting Nintendo. We like the N64 too much — we sincerely hope Nintendo plugs the gap."^[21] Additionally, LulzSec tweeted, following the incident, "Re: Nintendo, we just got a config file and made it clear that we didn't mean any harm. Nintendo had already fixed it anyway. <3 them!"

See also

• Goatse Security

References

1. "Q&A: Lulz Security". BBC. 6 June 2011. Retrieved 6 June 2011.
2. http://www.pcmag.com/article2/0,2817,2386493,00.asp?kc=PCRSS05079TX1K0000992
3. Morse, Andrew; Sherr, Ian (6 June 2011). "For Some Hackers, The Goal Is Just To Play A Prank". The Wall Street Journal. p. B1. Retrieved 6 June 2011.
4. <http://blogs.forbes.com/parmyolson/2011/06/06/lulzsec-hackers-posts-sony-dev-source-code-get-7k-donation/
5. Paul, Ian. "Lulz Boat Hacks Sony's Harbor: FAQ." PC World. June 3, 2011. Retrieved on June 6, 2011.
6. "Who is LulzSec, Hacker of PBS? Are they hacking Sony again?". International Business Times. Retrieved 3 June 2011.
7. Poulsen, Kevin. "Sony Hit Yet Again; Consumer Passwords Exposed". Wired. Retrieved 3 June 2011.
8. http://pastebin.com/yut4P6qN
9. http://www.theepochtimes.com/n2/technology/lulzsec-member-arrested-group-leaks-sony-database-57296.html
10. http://www.theepochtimes.com/n2/technology/following-arrest-lulzsec-says-theyre-still-going-strong-57312.html
11. CNN Wire Staff. "Hackers pirate PBS website, post fake story about Tupac still alive". CNN. Retrieved 3 June 2011. {{cite web}}: |last= has generic name (help)
12. Olson, Parmy. "Interview With PBS Hackers: We Did It For 'Lulz And Justice'". Forbes. Retrieved 3 June 2011.
13. Kaplan, Jeremy (2 June 2011). "Group Claims It Was 'Paid to Hack PBS,' Then Leaks a Million Sony User IDs". Fox News. Retrieved 3 June 2011.
14. Pepitone, Julianne (2 June 2011). "Group claims fresh hack of 1 million Sony accounts Money". CNN. Retrieved 3 June 2011.
15. Ogg, Erica. "Hackers steal more customer info from Sony servers". CNET. Retrieved 3 June 2011.
16. Reisinger, Don. "Tupac hackers to Sony: 'Beginning of the end'". CNET. Retrieved 3 June 2011.
17. Ars Staff. "Lulz? Sony hackers deny responsibility for misuse of leaked data". Ars Technica. Retrieved 3 June 2011.
18. "LulzSec claims to have hacked FBI-affiliated website". LA Times. Retrieved 4 June 2011.
19. Read, Max. "LulzSec Hackers Go After FBI Affiliates". Gawker. Retrieved 4 June 2011.
20. "Lulzsec Hacks Nintendo: No User Information Released". PCMag. {{cite web}}: |access-date= requires |url= (help); Missing or empty |url= (help); Text "http://www.pcmag.com/article2/0,2817,2386428,00.asp" ignored (help)
21. "Nintendo Is Hit by Hackers, but Breach Is Deemed Minor". New York Times. {{cite web}}: |access-date= requires |url= (help); Missing or empty |url= (help); Text "http://www.nytimes.com/2011/06/06/technology/06hack.html" ignored (help)

External links

• Lulz Security on Twitter
• Lulz Security Website
• LulzSec at Formspring