LulzSec: We Can Haz Your Internetz
Just who is LulzSec? Officially named Lulz Security, they are a hacker group who has gained notoriety this past month with several high profile attacks against corporate companies and government agencies. The most prolific of these attacks were against Sony, where they compromised over 1,000,000 accounts, and the attack that took the CIA web site offline.
The group first emerged in May 2011 and was seen more as an Internet prankster rather than a serious cyberattacker. The in June with the attack against Sony and its PlayStation Network Lulzsec appeared to start an all out cyberwar against anyone and everyone.
Last week they released an official statement attempting to explain their actions, available to read here. There they state "that our actions are causing clowns with pens to write new rules for you. But what if we just hadn't released anything? What if we were silent? That would mean we would be secretly inside FBI affiliates right now, inside PBS, inside Sony... watching... abusing..."
The gist of the statement is that Internet security is not what it could be, and that hackers don't always announce what they've hacked. They say, "...You are a peon to these people. A toy. A string of characters with a value. This is what you should be fearful of, not us releasing things publicly, but the fact that someone hasn't released something publicly. We're sitting on 200,000 Brink users right now that we never gave out. It might make you feel safe knowing we told you, so that Brink users may change their passwords. What if we hadn't told you? No one would be aware of this theft, and we'd have a fresh
200,000 peons to abuse, completely unaware of a breach."
The statement goes on making light of the group's most recent actions including releasing user names and passwords for a variety of sites across the Web, including Facebook, GMail, PayPal and Amazon accounts. "Welcome to 2011," it continues. "This is the lulz lizard era, where we do things just because we find it entertaining. [...] You find it funny to watch havoc unfold, and we find it funny to cause it. We release personal data so that equally evil people can entertain us with what they do with it."
LulzSec's theory behind releasing lists of hacked usernames or informing the public of vulnerable websites, is that it gives users the opportunity to change names and passwords elsewhere that might
otherwise have been exploited. While it does not appear that they are in it for a financial profit, they do have a track record of using compromised accounts to spread the mayhem around.
On June 20, 2011, LulzSec essentially declared war on the Internet. They teamed up with Anonymous, another popular hacker group, for "Operation Anti-Security". Together they encouraged supporters to hack into, steal, and publish classified government information from any source while leaving the term "Antisec" as evidence of their intrusion.
There was a global response from local law enforcement after this latest decree and on June 21, 2011 Ryan Cleary, a 19 year old man from Wickford, Essex, was arrested as part of an operation carried out in cooperation with the FBI. Original reports stated that he was a member of LulzSec. LulzSec denies that and states that he was in fact a host one of its IRC channels.
At the same time as Cleary's arrest, the FBI raided the Reston, Virginia facility of Swiss web hosting service DigitalOne. The raid which took several legitimate websites offline for a few hours was rumored to be related to the LulzSec investigation.
Just as the battles to stop the antics of LulzSec are starting, a rival hacker group TeaMp0isoN announced they are responsible for outing web designer and alleged LulzSec member Sven Slootweg. They have intentions to do the same with every member and proof that LulzSec is just "a bunch of script kiddies."
So what is let for us to do in the mean time you may wonder. The best advice to offer is to sit back and watch law enforcement and rival hacker groups duke it out and try to not get caught in the cross fire.
The best way to do this is to make sure you are using a different secure password for every online activity you are involved in. The best passord is one that is at least 8 characters long and is comprised of letters, numbers, and characters.?