Print 29 comment(s) - last by neogrin.. on Jun 6 at 12:35 PM

LulzSec hacked an FBI affiliate and used obtained information to threaten others.  (Source: Google Cache)

The griefer group has been gaining attention of late for a series of high profile attacks.
Griefer organization isn't worried about making enemies

LulzSec ("Lulz Security") has exploded onto the world hacking scene with a series of high profile system intrusions that have drawn sympathy from some and outrage from others.  Now they've stepping up their attacks, blasting new targets.

I. LulzSec?

Before a few weeks ago pretty much no one had heard about LulzSec.  Now they're making the evening news.

Two weeks ago LulzSec was one of several parties who hacked Sony Corp (6758) using SQL injection to exploit access vulnerabilities in the company's online databases.  At the time most considered LulzSec just another hacker group targeting Sony.

Sony had in recent months become a whipping boy for the hacker community after it allegedly abused the U.S. federal court system to gain access to the personal accounts of famed hardware hacker George "GeoHot" Hotz, invading the young man's privacy.  The hacking community was also resentful about Sony's decision to try to block users from installing Linux on their PlayStation 3s -- a practice they once promoted.  

But LulzSec showed themselves to be more than just an anti-Sony group.  After news network PBS aired a FRONTLINE special called "WikiSecrets", LulzSec hacked the network's servers posting offensive fake stories.  

The group said they attacked the news network because they were upset that its special didn't portray the controversial leaks site Wikileaks in a wholly positive manner.  The decision to mix critical commentaries in with praising ones in the special was apparently unacceptable to the group, and PBS paid the price for its rounded coverage.

And most recently the group hacked Sony yet again, this time completing a much larger breach in which they scooped over 1 million user names and passwords from an online picture service from the company.  Allegedly the passwords were stored in plain text, an astoundingly careless move.

II. Attacks on Fellow Hackers

This last week, in addition to the Sony hack, LulzSec has had its hands full with new targets.

The group targeted famed hacking magazine 2600's servers due to its frustrations at a certain young hacker that used them.  The group claims that a Dutch youth named Martijn Gonlag, who goes by the name "awinee" on Twitter used 2600's IRC and proxy servers.

Mr. Gonlag who recently was arrested [1][2] (video) when he bungled an attempt to use the distributed denial of service (DDOS) tool "Low Orbit Ion Cannon" and accidentally DDOS attacked the Dutch government.

Since then he's carried out a confrontational dialogue with LulzSec on Twitter, with LulzSec mocking his inexperience.

2600 apparently was caught in the crossfire of this grudge match.  LulzSec elected to carry out distributed denial of service attacks on its fellow hackers, taking down IRC chat channels and proxy servers.  The physical news webpage remained accessible throughout much of the week, though.

The IRC channels have recently come back online as the group appears to finally be ceasing hositilities.

But the group appears to be targeting another hacker now -- an individual who goes by the name "th3j35t3r" ("The Jester" in leetspeak).  The Jester primarily leads (first party) denial of service attacks against violent jihadist recruiting websites, acting as a "hacktivist".  He has taken down sites belonging to the Taliban and al-Qaida.  He's also carried out attacks against the Westboro Baptist Church, a radical Kansas-based Christian church who advocates killing gays and who has cheered the death of American soldiers the Middle East.

But The Jester ran afoul of LulzSec due to his role in DOS attacks against Wikileaks.  Now The Jester and LulzSec are engaged in a hostile dialogue on Twitter, in which both parties have implied that they may be looking to attack each other.

III. Pro-FBI Nonprofit Hacked

But LulzSec's highest profile intrusion may have just occurred last night.  In an operation it called "f-ckFBIFriday", it hacked nonprofit Infragard.  

According to Infragard's website, it is a 42,000+ member strong organization that helps connect local businesses with the U.S. Federal Bureau of Investigations to protect themselves from crime.

Late Friday LulzSec hacked the group's servers, grabbing e-mails, passwords and personal contact information for about 180 members.  The group posted a 700 MB torrent, which it claimed to be full of internal emails.  The group also defaced Infragard Atlanta's website posting a defiant message to the FBI posting the text "LET IT FLOW YOU STUPID FBI BATTLESHIPS".

The defaced page carried a picture of LulzSec's favorite target, Mr. Gonlag.

LulzSec has also been at war with Karim Hijazi, CEO of botnet-tracking company Unveillance.  Mr. Hijazi accuses them of trying to hack into his company's corporate network with iPredator, a VPN tunneling tool.  He says they also used phone line tapping techniques to listen in and record an internal call.

He alleges that the LulzSec team contact him via IRC chat demanding he turn over logs on the botnet of Anonymous, which has been used to carry out pro-Wikileaks attacks on U.S. businesses and the U.S. government.  That botnet is believed to be composed of innocent civilians' computers infected by viruses propagated by Anonymous's hacker members.

LulzSec is also believed to have grabbed additional information using Mr. Hijazi's password from Infragard, which LulzSec claims was the same as his passwords for company servers.  By breaching Infragard, LulzSec appears to have gained the means to breach Unveillance as well.

In an interview with CNET he states, "They had me under the gun for a little over a week with threats and extortion. The very nature of having to contend with someone who is holding something ransom is not pleasant."

LulzSec has posted on Twitter claiming Mr. Hijazi tried to hire him and citing his "corrupt" behavior as justification for their leak of his company's information.  They write:

Karim offered to go into business with us even before we put on the pseudo-extortion. He tried even harder after - corrupt, filthy man.

We leaked Karim because we had enough proof that he was willing to hire us as hitmen. Not a very ethical thing to do, huh Mr. Whitehat?

IV. Who is LulzSec?

LulzSec sure is making a lot of enemies -- likely some hackers at 2600, The Jester, the FBI, Unveillance, Infragard, Sony, and more.

The group maintains chat channels on and maintains an "official" webpage at  The group also communicates with the public through Twitter and Pastebin postings.

Its members firmly assert that they are not a renaming of the 4Chan hacker group Anonymous, despite sharing many similar enemies -- those who criticize Wikileaks, Sony, et al.

What is known about LulzSec at this point is that they are very sophisticated attackers.  They also appear to be members of the growing "griefer" movement, which includes such players as the obscenely-named GNAA/GoatseSec and Gnosis (who breached Gawker Media, owners of Gizmodo, last year).

The thing about griefers is that they love free speech -- until it works against them.  For that reason, and for the wealth of corporations with woeful security (link to LulzSec's hack of Nintendo), we doubt the online world has seen the last of LulzSec, who these days is given Anonymous a run for its money.

It should be interesting to see how the U.S. intelligence community responds, now that LulzSec's attacks are hitting close to home.

Update: Sunday 6/5/2011 12:25 a.m.-

Adrian Lamo, famed hacker/"snitch" and admin for 2600 shared the following statement with us:

Lulzsec's activities on 2600's IRC servers at have been an ephemeral issue, which has been resolved internally in hacker tradition.

Indiscriminate attacks accomplish nothing, and the methods employed by LulzSec would be better-used against states hostile to the United States.

Attacks against government-affiliated entities such as Infragard are exceptionally unacceptable, and require decisive action if continued.

On a lighter note, I am proud to be the "owner" of - I appreciate the gift.

Apparently LulzSec registered their website using Mr. Lamo's 2600 email address, so he now has rights to the domain.  Mr. Lamo has been in the spotlight since he turned in accused Wikileaks source U.S. Army Spc. Bradley Manning last summer.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Yeah...
By Solandri on 6/5/2011 8:20:37 PM , Rating: 5
Basically, these guys are like kids who have discovered that windows can be broken if you throw a rock at them, because everyone just uses regular glass for all their windows instead of shatter-proof acrylic.

Part of making a functional society is an implicit agreement by everyone to behave. They agree not to do certain easy things (like running around throwing rocks at everyone's windows) because fixing the problem (making all windows shatter-proof) is a whole lot more expensive than everyone just implicitly agreeing not to break them, and arresting those who do.

That hasn't been the case on the Internet. Emboldened by anonymity, people say and do things on the Internet which would be completely unacceptable in real life. What we're seeing now is that attitude starting to have RL consequences beyond hurt feelings from a flame war. It's the culmination of a question that came up early in the life of the Internet. The answer to it (how government, law enforcement, and the courts react to it) is going to redefine the relationship between our online and RL personas: How much anonymity are we allowed? Should things that cause only virtual damage have RL punishments? etc. All that stuff about cyber-bullying suicides, and Blizzard trying to enforce real IDs on their forums, and these hacking groups and script kiddies, are all just different aspects of this one issue.

"Paying an extra $500 for a computer in this environment -- same piece of hardware -- paying $500 more to get a logo on it? I think that's a more challenging proposition for the average person than it used to be." -- Steve Ballmer

Most Popular ArticlesSmartphone Screen Protectors – What To Look For
September 21, 2016, 9:33 AM
UN Meeting to Tackle Antimicrobial Resistance
September 21, 2016, 9:52 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
Update: Problem-Free Galaxy Note7s CPSC Approved
September 22, 2016, 5:30 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki