Historic Hacks: LulzSec
In today’s edition of Historic Hacks, we will be looking at a sequence of attacks perpetrated by the group LulzSec, or Lulz Security, that occurred in 2011. The black hat hacking group claimed a variety of attacks that range from a high-profile Sony to taking the CIA website offline. Some experts claim that LulzSec helped identify holes in major security systems. However, the majority of the public saw the group as a major threat to digital security.
Do it for the Lulz
The organization comprised of six members who carried the mottos “The world’s leaders in high-quality entertainment at your expense” and “Laughing at your security since 2011.” One of LulzSec’s founders, Hector Monsegur (aka Sabu), helped the group attack a variety of websites as retaliation for a variety of somewhat strange reason. Targets were often the media and the most prominent motivation for attacks could often be summed up as “We don’t like you.”
LulzSec was mostly seen as an annoyance due to the fact that most of their shenanigans included hacking into websites to leave traces of the hack behind. For example, one hacking targeted the Public Broadcasting Service (PBS). LulzSec left behind a fake article detailing that Tupac Shakur and Biggie Smalls were not dead. The article claimed that they were both alive and well, and living it up in New Zealand.
The genius in LulzSec was that the members of the organization were completely anonymous – even to one another. The level of secrecy made any attempts at stopping the organization very difficult for authorities.
The group’s hacks gradually increased in intensity. The damages wrought to help secure them a place in our Historic Hacks series. In 2011, the group attacked The PlayStation Network and stealing the personal information of 24.6 million customers. The attack took PlayStation offline for days. The group boasted of their success after the attack, referring themselves as “gods.”
For their next target, LulzSec chose to attack an FBI-affiliated website. By targeting a government rather than a private company, the organization hugely increased the risks associated with hacking. The group members were careful to use Tor to remain anonymous, however, one slip led to the fall of LulzSec. Reports indicate that Sabu forgot to log in through Tor when entering an online chat room. FBI officials were then able to track his IP to his apartment in Manhattan.
When the Lulz stop…
Once authorities identified a member of LulzSec, the rest of the organization unraveled quite quickly. Sabu, now identified as Hector Xavier Monsegur, helped officials identify the remaining five members of the group as part of a plea deal. Four members located in the United States were arrested in March 2012. Two British members were later announced to be identified and arrested by British Authorities.
According to The Guardian, “They knew each other’s online “handles”: Ryan Cleary, based in Wickford, Essex, was “Viral”; Jake Davis, from near Lerwick, Shetland, was “Topiary”; Mustafa Al-Bassam, in south London, was “Tflow”; Ryan Ackroyd, in Mexborough, South Yorkshire, was “Kayla”, a former army recruit who pretended online to be a teenage girl based in the US. The fake profile was created to throw those trying to discover his identity off the scent.”
While it may seem a sad end to a vigilante group of activists. However, in reality, the picture that was painted later by authorities is much grimmer. Many of the LulzSec members, upon further investigation, had other crimes that were much more sinister than hacking. Now facing charges ranging from child pornography to large-scale DDoS, spamming, and fraud, the members of the organization were no longer LOLing.