Print 29 comment(s) - last by neogrin.. on Jun 6 at 12:35 PM

LulzSec hacked an FBI affiliate and used obtained information to threaten others.  (Source: Google Cache)

The griefer group has been gaining attention of late for a series of high profile attacks.
Griefer organization isn't worried about making enemies

LulzSec ("Lulz Security") has exploded onto the world hacking scene with a series of high profile system intrusions that have drawn sympathy from some and outrage from others.  Now they've stepping up their attacks, blasting new targets.

I. LulzSec?

Before a few weeks ago pretty much no one had heard about LulzSec.  Now they're making the evening news.

Two weeks ago LulzSec was one of several parties who hacked Sony Corp (6758) using SQL injection to exploit access vulnerabilities in the company's online databases.  At the time most considered LulzSec just another hacker group targeting Sony.

Sony had in recent months become a whipping boy for the hacker community after it allegedly abused the U.S. federal court system to gain access to the personal accounts of famed hardware hacker George "GeoHot" Hotz, invading the young man's privacy.  The hacking community was also resentful about Sony's decision to try to block users from installing Linux on their PlayStation 3s -- a practice they once promoted.  

But LulzSec showed themselves to be more than just an anti-Sony group.  After news network PBS aired a FRONTLINE special called "WikiSecrets", LulzSec hacked the network's servers posting offensive fake stories.  

The group said they attacked the news network because they were upset that its special didn't portray the controversial leaks site Wikileaks in a wholly positive manner.  The decision to mix critical commentaries in with praising ones in the special was apparently unacceptable to the group, and PBS paid the price for its rounded coverage.

And most recently the group hacked Sony yet again, this time completing a much larger breach in which they scooped over 1 million user names and passwords from an online picture service from the company.  Allegedly the passwords were stored in plain text, an astoundingly careless move.

II. Attacks on Fellow Hackers

This last week, in addition to the Sony hack, LulzSec has had its hands full with new targets.

The group targeted famed hacking magazine 2600's servers due to its frustrations at a certain young hacker that used them.  The group claims that a Dutch youth named Martijn Gonlag, who goes by the name "awinee" on Twitter used 2600's IRC and proxy servers.

Mr. Gonlag who recently was arrested [1][2] (video) when he bungled an attempt to use the distributed denial of service (DDOS) tool "Low Orbit Ion Cannon" and accidentally DDOS attacked the Dutch government.

Since then he's carried out a confrontational dialogue with LulzSec on Twitter, with LulzSec mocking his inexperience.

2600 apparently was caught in the crossfire of this grudge match.  LulzSec elected to carry out distributed denial of service attacks on its fellow hackers, taking down IRC chat channels and proxy servers.  The physical news webpage remained accessible throughout much of the week, though.

The IRC channels have recently come back online as the group appears to finally be ceasing hositilities.

But the group appears to be targeting another hacker now -- an individual who goes by the name "th3j35t3r" ("The Jester" in leetspeak).  The Jester primarily leads (first party) denial of service attacks against violent jihadist recruiting websites, acting as a "hacktivist".  He has taken down sites belonging to the Taliban and al-Qaida.  He's also carried out attacks against the Westboro Baptist Church, a radical Kansas-based Christian church who advocates killing gays and who has cheered the death of American soldiers the Middle East.

But The Jester ran afoul of LulzSec due to his role in DOS attacks against Wikileaks.  Now The Jester and LulzSec are engaged in a hostile dialogue on Twitter, in which both parties have implied that they may be looking to attack each other.

III. Pro-FBI Nonprofit Hacked

But LulzSec's highest profile intrusion may have just occurred last night.  In an operation it called "f-ckFBIFriday", it hacked nonprofit Infragard.  

According to Infragard's website, it is a 42,000+ member strong organization that helps connect local businesses with the U.S. Federal Bureau of Investigations to protect themselves from crime.

Late Friday LulzSec hacked the group's servers, grabbing e-mails, passwords and personal contact information for about 180 members.  The group posted a 700 MB torrent, which it claimed to be full of internal emails.  The group also defaced Infragard Atlanta's website posting a defiant message to the FBI posting the text "LET IT FLOW YOU STUPID FBI BATTLESHIPS".

The defaced page carried a picture of LulzSec's favorite target, Mr. Gonlag.

LulzSec has also been at war with Karim Hijazi, CEO of botnet-tracking company Unveillance.  Mr. Hijazi accuses them of trying to hack into his company's corporate network with iPredator, a VPN tunneling tool.  He says they also used phone line tapping techniques to listen in and record an internal call.

He alleges that the LulzSec team contact him via IRC chat demanding he turn over logs on the botnet of Anonymous, which has been used to carry out pro-Wikileaks attacks on U.S. businesses and the U.S. government.  That botnet is believed to be composed of innocent civilians' computers infected by viruses propagated by Anonymous's hacker members.

LulzSec is also believed to have grabbed additional information using Mr. Hijazi's password from Infragard, which LulzSec claims was the same as his passwords for company servers.  By breaching Infragard, LulzSec appears to have gained the means to breach Unveillance as well.

In an interview with CNET he states, "They had me under the gun for a little over a week with threats and extortion. The very nature of having to contend with someone who is holding something ransom is not pleasant."

LulzSec has posted on Twitter claiming Mr. Hijazi tried to hire him and citing his "corrupt" behavior as justification for their leak of his company's information.  They write:

Karim offered to go into business with us even before we put on the pseudo-extortion. He tried even harder after - corrupt, filthy man.

We leaked Karim because we had enough proof that he was willing to hire us as hitmen. Not a very ethical thing to do, huh Mr. Whitehat?

IV. Who is LulzSec?

LulzSec sure is making a lot of enemies -- likely some hackers at 2600, The Jester, the FBI, Unveillance, Infragard, Sony, and more.

The group maintains chat channels on and maintains an "official" webpage at  The group also communicates with the public through Twitter and Pastebin postings.

Its members firmly assert that they are not a renaming of the 4Chan hacker group Anonymous, despite sharing many similar enemies -- those who criticize Wikileaks, Sony, et al.

What is known about LulzSec at this point is that they are very sophisticated attackers.  They also appear to be members of the growing "griefer" movement, which includes such players as the obscenely-named GNAA/GoatseSec and Gnosis (who breached Gawker Media, owners of Gizmodo, last year).

The thing about griefers is that they love free speech -- until it works against them.  For that reason, and for the wealth of corporations with woeful security (link to LulzSec's hack of Nintendo), we doubt the online world has seen the last of LulzSec, who these days is given Anonymous a run for its money.

It should be interesting to see how the U.S. intelligence community responds, now that LulzSec's attacks are hitting close to home.

Update: Sunday 6/5/2011 12:25 a.m.-

Adrian Lamo, famed hacker/"snitch" and admin for 2600 shared the following statement with us:

Lulzsec's activities on 2600's IRC servers at have been an ephemeral issue, which has been resolved internally in hacker tradition.

Indiscriminate attacks accomplish nothing, and the methods employed by LulzSec would be better-used against states hostile to the United States.

Attacks against government-affiliated entities such as Infragard are exceptionally unacceptable, and require decisive action if continued.

On a lighter note, I am proud to be the "owner" of - I appreciate the gift.

Apparently LulzSec registered their website using Mr. Lamo's 2600 email address, so he now has rights to the domain.  Mr. Lamo has been in the spotlight since he turned in accused Wikileaks source U.S. Army Spc. Bradley Manning last summer.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

Watch them cry soon
By chick0n on 6/5/2011 12:28:26 AM , Rating: 3
when FBI walk into their mom's basement (all of them)



By UnauthorisedAccess on 6/5/2011 1:39:55 AM , Rating: 4 that the 4chan party van pulling into my drivewaNNGGGGGGGGHHHHH!!

RE: Watch them cry soon
By Aloonatic on 6/5/2011 5:30:22 AM , Rating: 2
If they are any good, they'll probably end up being offered a job.

RE: Watch them cry soon
By Daemyion on 6/5/2011 7:17:49 AM , Rating: 2
Of course! Like they offered Mitnick!

Oh wait...

RE: Watch them cry soon
By SunTzu on 6/5/2011 8:44:02 AM , Rating: 2
Mitnick got quite wealthy after his time was up.

RE: Watch them cry soon
By Samus on 6/5/2011 9:15:30 AM , Rating: 2
And how much exactly is prison time worth?

RE: Watch them cry soon
By Daemyion on 6/5/2011 2:39:57 PM , Rating: 2
4.5 years (8 months in solitary confinement) +
~1 years on the outside during which he couldn't touch anything more than a land-line
------------------------------------------------- ------

nothing but lulz....

I also can't verify that he's "very wealthy". Under the plea he can't profit from book/movie deals, and he's self employed @ "Mitnick Security Consulting LLC". Make of it what you will...

RE: Watch them cry soon
By HrilL on 6/6/2011 11:17:17 AM , Rating: 2
If they're really good they won't get caught either... But it seems like their high profile attitude could be their one weakness.

RE: Watch them cry soon
By tng on 6/5/2011 11:46:26 AM , Rating: 3
The thing about griefers is that they love free speech -- until it works against them.
Yes the sign of a immature, insecure person with few or no interpersonal skills. Spent to much time online and to little talking to real people. So yeah, probably living in mom's basement and was a spoiled brat growing up.

This is now BS
By pr0m3th3u5 on 6/5/2011 1:09:18 AM , Rating: 3
I can not believe what I am reading, these douchebags are attacking 2600? 2600, cDc, l0pht they are all the grandfathers to the hacking scene. Then these no skill half brained idiots start messing with them. Garbage crackers why don't they go back to cracking software or putting up torrents, or maybe better yet go back to the Jolly Rodgers Cookbook follow his directions and do themselves in. They are playing with masters and are going to get slapped down like the red headed step children they are.

RE: This is now BS
By Darkefire on 6/5/2011 1:30:13 AM , Rating: 5
They're getting cocky, thinking that they're the greatest hackers in the world because they've blasted a few high-profile targets with lax security. Pretty soon they're going to pick on someone bigger than they are, and then the real lulz will begin.

RE: This is now BS
By chick0n on 6/5/2011 7:38:05 AM , Rating: 1
they already picked someone bigger than they will ever be.

gotta love these script kiddies.

RE: This is now BS
By slunkius on 6/6/2011 2:00:37 AM , Rating: 2
"script kiddies", as in you are master in much more sophisticated attacks? if your are better than them, go and make them sorry.
gotta love keyboard cowboys like you

RE: This is now BS
By neogrin on 6/6/2011 12:35:23 PM , Rating: 2
You don't need to be an expert to be able to recognize skill (or lack thereof).

We've seen a SQL injection "hack" and a DoS or two from these guys. Neither of which are too impressive.

So yes, at this point, "script kiddies" would be a valid label for these guys.

Maybe when they get done waving their arms and yelling "Look At Me", they could actually pull off a sophisticated Hack.

RE: This is now BS
By RedemptionAD on 6/6/2011 7:18:55 AM , Rating: 2
That group while may be getting a little cocky, but there was a recent audit by the DOJ that showed that over 30% of the FBI cyber security personel was unfit for the task. This is the article that I found on a quick BING search(the source may have a religous context, but the fact of the audit is the important part and can be quoted from many other sources)

From a security standpoint, if they know what they are doing they can cover their steps for quite a while before ever getting caught. Anonymous has been active for quite some time and they still are no weaker than when they started. Decentralized guerrilla cyber war is a nearly impossable task to stop, no matter who they face.

By dagamer34 on 6/5/2011 10:09:29 AM , Rating: 1
So in other words they think they're cool because they're acting like children? It's only a matter of time until one of these bozos decides it's a nifty idea to hack government databases "just cuz" and then they'll be thrown in jail for the rest of their life accused of espionage, if not worse.

RE: Yeah...
By Solandri on 6/5/2011 8:20:37 PM , Rating: 5
Basically, these guys are like kids who have discovered that windows can be broken if you throw a rock at them, because everyone just uses regular glass for all their windows instead of shatter-proof acrylic.

Part of making a functional society is an implicit agreement by everyone to behave. They agree not to do certain easy things (like running around throwing rocks at everyone's windows) because fixing the problem (making all windows shatter-proof) is a whole lot more expensive than everyone just implicitly agreeing not to break them, and arresting those who do.

That hasn't been the case on the Internet. Emboldened by anonymity, people say and do things on the Internet which would be completely unacceptable in real life. What we're seeing now is that attitude starting to have RL consequences beyond hurt feelings from a flame war. It's the culmination of a question that came up early in the life of the Internet. The answer to it (how government, law enforcement, and the courts react to it) is going to redefine the relationship between our online and RL personas: How much anonymity are we allowed? Should things that cause only virtual damage have RL punishments? etc. All that stuff about cyber-bullying suicides, and Blizzard trying to enforce real IDs on their forums, and these hacking groups and script kiddies, are all just different aspects of this one issue.

By Reclaimer77 on 6/4/2011 8:35:28 PM , Rating: 3
Clearly this magazine AND the FBI also conspired to remove the OtherOs feature from the PS3, so they had to pay! /sarcasm

By NicodemusMM on 6/4/2011 10:09:16 PM , Rating: 4
1. characteristic of or befitting an infant; babyish; childish: infantile behavior.

2. See LulzSec, Lulz Security, LulzCo

So... LulzSec will attack you if: lack their level of douchbaggery (they call it hacking) attack terrorist organizations don't blow smoke up WikiLeaks' ass to their satisfaction.
... etc, etc, ...

This is what happens when skill at a very particular task meets a lack of general intelligence.

RE: Infantile...
By icanhascpu on 6/4/11, Rating: -1
Hackers should enjoy the run
By omgwtf8888 on 6/6/2011 9:27:02 AM , Rating: 2
Even though the courts have restricted government activities such as carnivour, the NSA and Cyber command are busy putting some massive super computers to work. If the government can put micro encoding into all printers and copiers it stands to reason that it is not out of the question for all cpus to be stamping all processes with your gps location. Given that my cel phone can give up my location, i would not be surprised if every cpu doesnt have a small piece of silicone that can do the same thing.

By Lazarus Dark on 6/5/2011 1:02:14 AM , Rating: 1
Seriously, every link I was like: "I'm not clicking that".

I prefer to stay out of their way (until the day comes when they do something to disrupt my own personal day-to-day activities)

Uh ok?
By icanhascpu on 6/4/11, Rating: 0
We need AOL back!
By Ilfirin on 6/5/11, Rating: 0
One more thing..
By icanhascpu on 6/4/11, Rating: -1
RE: One more thing..
By troysavary on 6/5/2011 8:35:07 AM , Rating: 2
We don't need a lesson in censorship from a website that give an automatic -1 for bad words in posts.

No, it would be censorship if they did not allow you to say "fuck". Otherwise, use it or don't, but don't cry about the downrating.

RE: One more thing..
By tng on 6/5/2011 11:54:44 AM , Rating: 1
He really doesn't know what censorship is obviously.

The fact that he probably would support the banning of ideas that he does not agree with, but cries foul when someone questions the motives of Wikileaks gives a good idea of his understanding of censorship.

Would be funny if...
By EricMartello on 6/5/11, Rating: -1
RE: Would be funny if...
By sorry dog on 6/5/2011 11:18:40 PM , Rating: 3
Note to self:

Make dailytech password different than password to porn stash.

...and bank account.

"The Space Elevator will be built about 50 years after everyone stops laughing" -- Sir Arthur C. Clarke

Most Popular Articles5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
Automaker Porsche may expand range of Panamera Coupe design.
September 18, 2016, 11:00 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
No More Turtlenecks - Try Snakables
September 19, 2016, 7:44 AM
ADHD Diagnosis and Treatment in Children: Problem or Paranoia?
September 19, 2016, 5:30 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki