The Joy of (Lulz)sec

Posted on: 23 June 2011 by Alexander Hay

Despite a crackdown, this notorious hacking outfit remains at large.

I've got you, under my skin.

Jack Shepherd, hung at Tyburn, might have approved. Dick Turpin and the rest of the highwayman scene would have surely approved. And if Johnathon Wild had been put on the case, he'd have surely exchanged a wink and a nod with his quarry, if only for their sheer brazen cheek.

For if the now infamous hacking outfit Lulz Security, or 'Lulzsec', share any lineage, it must surely be with the denizens of the 18th century criminal underworld; larger than life yet enigmatic, playing the system and yet, like Wild, quite possibly also part of it. Sordid and shadowy, yet resourceful and ruthlessly... cheeky. And with every outrage, their notoriety (and, with almost 230,000 followers on twitter, a fan club) grows ever more into full-on folklore.

But first, a resume of the last few months. The 'Lulzboat' struck its first big target in May, when it hacked into the web site of the Public Broadcasting System, an undernourished American equivalent of the BBC. Vandalising its front page in revenge for coverage of Wikileaks, and its alleged mole turned official US government scapegoat, Bradley Manning, that Lulzsec didn't consider flattering enough. The hackers group also used the PBS News Twitter feed to spread rumours that dead rapper Tupac Shakur was in fact living in New Zealand (presumably down wid da hobbitz).

After releasing data on scores of UK ATMs (but thankfully, no account data), the next big raid was on Sony, ransacking user data in revenge for legal action Sony took on another hacker. Lulzsec then hacked into a pornographic web site, publishing the user names and passwords of many subscribers (including several employees of the US military and government).

After attacking several games company sites, the hackers then pulled off three spectaculars - subverting an FBI affiliate site and leaking the details of several US senators, before taking out the CIA web site with a concentrated denial-of-service (DDoS) attack. Almost as an afterthought, they then briefly shut down a Chinese government site and, shockingly close to home, took down the UK's Serious Organised Crime Agency's site twice in a row.

At first, the last effort seems to have been a fatal mistake. It was announced yesterday that a 19-year-old 'ringleader' was arrested in - of all places - Essex, but like the proverbial Lernaean Hydra (or an army of vengeance-crazed keyboard warriors), it seems Lulzsec is neither a one-man-outfit, nor that particular young man either. As the official Twitter feed announced soon after the arrest was made public:

Seems the glorious leader of LulzSec got arrested, it's all over now... wait... we're all still here! Which poor bastard did they take down?

Like most anti-heroes, however, Lulzsec seems to be rather sentimental. The only harm they wrought upon Nintendo was a warning that it needs to resolve the security issue the hackers had discovered. The NHS was similarly spared. "We mean you no harm and only want to help you fix your tech issues", the group proclaimed soberly when informing the NHS of what happened. These flourishes of mercy, combined with a certain mercilessness towards those who are deemed to have crossed the hacking community, or at least those parts of it with Lulzsec sympathies, again bring us back to the old folk hero criminals, outsmarting lumbering, corrupt organisations and aiding, or at least not preying on, the deserving and the meek. Or so the stories go.

That's one reading of their actions. Another is, however, that such organisations are powerful and dangerous. Might hackers one day bring down an entire country, if only for a few minutes? The panicked investment in cyber warfare defence by many countries suggests that such a threat is credible to varying degrees. And what's to stop rogue elements with Lulzsec from looting bank accounts or committing fraud with purloined data, as has already happened? It's entertaining right now only because not too much blood has yet been spilt.

What next for Lulzsec? There seems to be some sort of central command, given the presence of an official site and aforementioned Twitter feed, not to mention a telephone hotline. It would certainly please the American and British governments to make examples of them.

Or Lulzsec may simply run out gags to pull, splinter with boredom and disappear just as suddenly as it appeared, leaving behind only hearsay and urban legend in its wake.

Share with friends


Alexander Hay

Do you agree with this Article? Agree 0% Disagree 0%
You need to be signed in to rate.

Loading comments...Loader