WASHINGTON – Names, addresses, passwords – even government web sites.
Hacker group LulzSec caused a frenzy this spring by breaking into servers belonging to everyone from Sony to the CIA. The six-member team set sail on the LulzBoat on May 7, documenting their virtual adventures on Twitter and publishing their own press releases via PasteBin.com.
The operation began as retaliation against Sony on behalf of a fellow hacker, but the mission soon morphed into what LulzSec claimed was an anti-government public service by the time the group’s 50-day venture was over on June 26.
But there are some who believe that instead of a public service, the operation was “a way of providing a nice sounding context to some activities that were fundamentally founded on joyous anarchy,” said Michael Tiffany, a self-proclaimed hacker and chief architect of Recursion Ventures, a technology company specializing in online security.
“We’ve built this entire edifice on top of what everyone recognizes as a flawed architecture,” James Mulvenon said at a cyber security conference Potomac Institute of Policy Studies in Arlington, Va. recently. Mulvenon is a security expert and director of Defense Group, Inc., a national security company.
“It was never designed to have security built in and now we rest some huge percentage of the global economy on an architecture that we’ve basically been duck tapping security to for the last 30 years,” Mulvenon added.
Incidents
– May 6: LulzSec establishes their presence on Twitter. Soon, the group publishes the contestant list from the show X Factor. They continue attacking Fox by hacking into the LinkedIn pages of various employees.
– After a Frontline documentary dubbed Wikisecrets that the group believed to be biased against a Wikileaks leaker, LulzSec hacked the PBS web site twice. Once to post a fake news story about rapper Tupac Shakur – who was murdered in 1996 – still being alive, and again to deface the PBS.org site.
– May 23: The team achieves their most publicized stunt – the publication of databases, music coupons and user information from Sony, dubbing it Sownage.
– June 5: After an announcement by the Pentagon that major cyber hacking was now considered an act of war, LulzSec targets the government by hacking into FBI-affiliated web site, InfraGard.
– June 15: The group claims responsibility for taking down the CIA’s public site with a simple message: “Tango down – cia.gov – for the lulz.”
– June 26: LulzSec ceases the anti-security movement with their final press release:
We hope we had a microscopic impact on someone, somewhere. Anywhere.
While the Lulz operation is believed to have begun as proof of power and to showcase the lack of online security everywhere, a review of their press releases shows a slowly morphing mission. It soon became less about “the lulz” and more about how others should continue to show how accessible personal information is about everyone who goes on the Internet.
According to their last will and testament:
Behind this jolly visage of rainbows and top hats, we are people. People with a preference for music, a preference for food; we have varying taste in clothes and television, we are just like you. Even Hitler and Osama Bin Laden had these unique variations and style, and isn’t that interesting to know? The mediocre painter turned supervillain liked cats more than we did.
Again, behind the mask, behind the insanity and mayhem, we truly believe in the AntiSec movement. We believe in it so strongly that we brought it back, much to the dismay of those looking for more anarchic lulz. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us.
So how did so few people cause such a huge impact? The answer lies in the fact that the internet is quite possibly today’s most misunderstood mechanism. Despite the fact that cyber attacks among hackers is rooted in humor, LulzSec did expose major flaws in online security.
“We’re in a period right now of what I would term, cyber instability,” Mulvenon said.
“These guys were just out looking to have fun at other people’s expense,” Tiffany said. “Some people make fun of other people on forums. They’re making fun of other companies by embarrassing them by breaking into their servers.”