LulzSec (a contraction for Lulz Security) was[1] a black hat computer hacking group that claimed responsibility for several high profile attacks, including the compromise of user accounts from PlayStation Network in 2011. The group also claimed responsibility for taking the CIA website offline.[2] Some security professionals have commented that LulzSec has drawn attention to insecure systems and the dangers of password reuse.[3] It has gained attention due to its high profile targets and the sarcastic messages it has posted in the aftermath of its attacks. One of the founders of LulzSec was computer security specialist Hector Monsegur, who used the online moniker Sabu. He later helped law enforcement track down other members of the organization as part of a plea deal. At least four associates of LulzSec were arrested in March 2012 as part of this investigation. Prior, British authorities had announced the arrests of two teenagers they alleged were LulzSec members, going by the pseudonyms T-flow and Topiary.
LulzSec drew its name from the neologism "lulz", (from lol), "laughing out loud", which represents laughter, and "Sec", short for "Security". The Wall Street Journal characterized its attacks as closer to Internet pranks than serious cyber-warfare,[9] while the group itself claimed to possess the capability of stronger attacks.[citation needed] It gained attention in part due to its brazen claims of responsibility and lighthearted taunting of corporations that were hacked. It frequently referred to Internet memes when defacing websites. The group emerged in May 2011, and successfully attacked websites of several major corporations.[9] It specialized in finding websites with poor security, stealing and posting information from them online. It used well-known straightforward methods, such as SQL injection, to attack its target websites.[10] Several media sources have described their tactics as grey hat hacking.[10][11][12] Members of the group may have been involved in a previous attack against the security firm HBGary.[13]
legend online special hack 2012 11 22.rar
LulzSec consisted of seven core members.[21] The online handles of these seven were established through various attempts by other hacking groups to release personal information of group members on the internet, leaked IRC logs published by The Guardian, and through confirmation from the group itself.[26]
On 20 June, the group announced it had teamed up with Anonymous for "Operation Anti-Security". They encouraged supporters to steal and publish classified government information from any source while leaving the term "AntiSec" as evidence of their intrusion. Also listed as potential targets were major banks.[46] USA Today characterized the operation as an open declaration of cyberwarfare against big government and corporations.[81] Their first target of the operation was the Serious Organised Crime Agency (SOCA), a national law enforcement agency of the United Kingdom. LulzSec claimed to have taken the website offline at about 11 am EST on 20 June 2011, though it only remained down for a few minutes.[82] While the attack appeared to be a DDoS attack, LulzSec tweeted that actual hacking was taking place "behind the scenes". At about 6:10 pm EST on 20 June, SOCA's website went down yet again.[83] SOCA's website was back online sometime between 20 and 21 June.[84] The website of the local district government of Jianhua District in Qiqihar, China, was also knocked offline.[85] Early in the morning on 22 June, it was revealed that LulzSec's "Brazilian unit" had taken down two Brazilian government websites, brasil.gov.br and presidencia.gov.br.[86][87] They also brought down the website of Brazilian energy company Petrobras.[88]
On 25 June 2011, LulzSec released what they described as their last data dump. The release contained an enormous amount of information from various sources. The files contained a half gigabyte of internal information from telecommunication company AT&T, including information relating to its release of 4G LTE and details pertaining to over 90,000 personal phones used by IBM. The IP addresses of several large corporations including Sony, Viacom, and Disney, EMI, and NBC Universal were included.[99][100] It also contained over 750,000 username and password combinations from several websites,[100] including 200,000 email addresses, usernames, and encrypted passwords from hackforums.net; 12,000 names, usernames, and passwords of the NATO online bookshop; half a million usernames and encrypted passwords of players of the online game Battlefield Heroes; 50,000 usernames, email addresses, and encrypted passwords of various video game forum users; and 29 users of Priority Investigations, an Irish private investigation company. Also included were an internal manual for AOL engineering staff and a screencapture of a vandalized page from navy.mil, the website of the United States Navy.[99] Members of the group continued the operation with members of Anonymous after disbanding.[24]
A number of different hackers have targeted LulzSec and its members in response to their activities. On 23 June 2011, Fox News reported that rival hacker group TeaMp0isoN were responsible for outing web designer Sven Slootweg, who they said used the online nickname Joepie91,[109] and that they have intentions to do the same with every member.[110] A Pastebin post in June 2011 from hacker KillerCube identified LulzSec leader Sabu as Hector Xavier Monsegur, an identification later shown to be accurate.[111]
A short time before LulzSec claimed to be disbanding, a group calling itself the A-Team posted what they claimed was a full list of LulzSec members online along with numerous chat logs of the group communicating with each other. A rival hacker going by the name of TriCk also claimed to be working to reveal the group's identities and claimed that efforts on the part of rival hackers had pushed the group to disband for fear of being caught.[120]
On 21 June 2011, the London Metropolitan Police announced that they had arrested a 19-year-old man from Wickford, Essex, named by LulzSec and locally as Ryan Cleary,[121] as part of an operation carried out in cooperation with the FBI.[122] The suspect was arrested on charges of computer misuse and fraud,[123] and later charged with five counts of computer hacking under the Criminal Law Act and the Computer Misuse Act.[124] News reports described him as an alleged member of LulzSec.[125] LulzSec denied the man arrested was a member.[126] A member of LulzSec claimed that the suspect was not part of the group, but did host one of its IRC channels on his server.[127] British police confirmed that he was being questioned regarding alleged involvement in LulzSec attacks against the Serious Organized Crime Agency (SOCA) and other targets. They also questioned him regarding an attack on the International Federation of the Phonographic Industry in November 2010.[124] On 25 June 2011 the court released Cleary under the bail conditions that he not leave his house without his mother and not use any device connected to the internet. He was diagnosed the previous week with Asperger syndrome.[128]In June 2012 Cleary, together with another suspected LulzSec member, 19-year-old Jake Davis, pleaded guilty conspiring to attack government, law enforcement and media websites in 2011.[129]
On 22 September 2011, the FBI arrested Cody Kretsinger, a 23-year-old from Phoenix, Arizona who was indicted on charges of conspiracy and the unauthorized impairment of a protected computer. He is suspected of using the name "recursion" and assisting LulzSec in their early hack against Sony Pictures Entertainment, though he allegedly erased the hard drives he used to carry out the attack.[143] Kretsinger was released on his own recognizance under the conditions that he not access the internet except while at work and that he not travel to any states other than Arizona, California, or Illinois. The case against him was filed in Los Angeles, where Sony Pictures is located.[144] Kretsinger pleaded guilty on 5 April 2012 to one count of conspiracy and one count of unauthorized impairment of a protected computer.[145] On 19 April 2013, Kretsinger was sentenced for the "unauthorized impairment of protected computers" to one year in federal prison, one year of home detention following the completion of his prison sentence, a fine of $605,663 in restitution to Sony Pictures and 1000 hours of community service.[146] 2ff7e9595c
Comments