Print 29 comment(s) - last by icanhascpu.. on Jun 9 at 10:40 PM

For now the LulzSec ship sails on, contrary to reports of an "arrest" by phantom FBI agents. The group today posted information from two more hacked Sony properties.  (Source: LulzSec)
Merry brigade's run isn't over yet

There's been some interesting developments in the case of now-legendary griefers LulzSec ("Lulz Security").  Today some news network reported that a member of LulzSec was arrested by "FBI agents".  These reports emerged around the same time as an outage of the group's site so most assumed them to be true, but are they?

I. LulzSec Hacked?

Reports of LulzSec being "hacked" started at 2:39 a.m. EST when "" emailed the security mailing list with a post "Lulzsec == pwnt".

The posted led to a tar file, which contained some nondescript server/chat log-looking text file dumps.  Interesting.

Early in the morning The Epoch Time took the plunge reporting:
Just following the hack, LulzSec chat logs appeared online detailing a government raid of their chat server, stating “military hackers are trying to hack us.” They stated one member of the group, Robert Cavanaugh, was arrested. He is now allegedly in FBI custody.
Robert Cavanaugh has graciously contacted us and stated:

A lot of the information isn't correct I was never arrested that picture isnt me.

He acknowledges that he was a security professional and experienced hacker looking to expand his skills, but that the allegations appearing in various reports were slander against him.

He was only peripherally associated with members of Lulzsec, and did not participate in the group's attacks.

Robert Cavenaugh
The "real" Robert Cavenaugh [Image Source: Robert Cavenaugh]

Likewise, at 8 a.m. Arik Hesseldahl, a former Bloomberg BusinessWeek contributor who obtained a graduate journalism from Columbia University, reported for All Things Digital:

The release came as there was a claim — totally unconfirmed — that a member of the group has been arrested by the FBI. The claim was made on the Full Disclosure mailing list, an independent free-wheeling mailing list that focuses on computer security. The message, which was sent by someone using the Hushmail secure email service, contained what is said to be a chat log from Lulzsec’s private IRC chat server, then mentions at the end that “one of them is already in FBI custody.” I have calls into FBI offices in Washington and New York, trying to corroborate the claim of the arrest.
He cautions:
Obviously, it’s possible that the claim is completely made up. It could be an attempt by someone to falsely implicate someone as a member of the group, throw off the trail, or just a nasty prank.
But then gleefully speculates:
But if an arrest has been made, and the person arrested is a member of LulzSec, then it would probably be a fairly short time until other members are arrested too.
Even ArsTechnica joined in.  And at approximately 5 p.m. EST Slashdot admin "SoulSkill" published a user submitted story from "jjp9999" who wrote:
"LulzSec was compromised and a member of the group, Robert Cavanaugh, was arrested by the FBI on June 6. Meanwhile, LulzSec hacked Sony again, this time leaking the Sony Developer Network source code through file sharing websites."
Unfortunately all of these reporters were mislead to varying degrees (and those who expressed credulity or urged caution were wise to do so).  It turns out the hack of Mr. Cavanaugh dates back to 2010, as seen here, in this cached log on the page 4Chan.

In a series of PNG images and TXT files several teen hackers ("Xero", "XYZ" (Cavanaugh), and others) had their names and home addresses posted.  The teen hackers appeared to have run afoul of Anonymous or some other more seasoned hackers.

According to several anonymous sources we received, XYZ (Cavenaugh) was trying to join LulzSec, but was never a full member.  Purportedly he was arrested in early May, following the LulzSec hack of Square Enix (TYO:9684).  Internet Relay Chat (IRC) conversations have since surfaced online indicating that XYZ was not truly involved in the hack and that the hackers purposefully defaced pages to look like they were hacked by Xero, XYZ, Chipp1337, Venuism, and XiX as a prank.  

Suffice it to say these young men ostensibly have nothing to do with LulzSec getting "pwnt", particularly not over the recent Sony intrusions.

LulzSec took to Twitter at around 6 p.m. denying that they had been hacked.  Shortly thereafter ArsTechnica and The Epoch Times updated their posts to reflect this, with ArsTechnica even catching wind of the suspect PasteBin that was a few weeks old (but failing to mention the much older 4Chan post from Oct. 2010).  As of press time Slashdot and All Things Digital still haven't updated with LulzSec's statement.

II. But the Site was Down!

The reports of the LulzSec arrest poured in like rain -- and around the same time the group's site went down.  Many speculated this was further sign of some sort of massive hack of LulzSec.  Based on the posts on the mailing list some claimed that the group had been hacked using remote root access and had stored root passwords in their email -- embarrassing security mistakes if true.

But in reality the group's site was likely getting stressed by a much bigger true story and the outage was merely an unfortunate coincidence.

The group early this morning had cheered the release of yet another data dump [1][2][3] from a hacked Sony Corp. (6758) property.  Sony has of late become the whipping boy for the hacker community, for reasons we outline here.  These attacks were the sixteenth major attack [1][2][3][4][5] on Sony, thus far.

This time around, the attackers had made off with a 54 MB code dump from Sony Computer Entertainment’s Developer Network, and an internal network map of Sony BMG.  The blog "" listed the attack as the sixteenth major intrusion at Sony since the attacks began in April.

LulzSec mocked:
Konichiwa from LulzSec, Sony bastards!

We've recently bought a copy of this great new game called "Hackers vs Sony", but we're unable to play it online due to PSN being obliterated. So we decided to play offline mode for a while and got quite a few trophies. Our latest goal is "Hack Sony 5 Times", so please find enclosed our 5th Sony hack.
So LulzSec appears to have DDOSed itself with all the excitement it generated.

III. What's Next

While the "arrest" this time proved false, it's very possible that the group may eventually see some sort of real world law enforcement action.  The group is making powerful enemies -- namely the U.S. Federal Bureau of Investigation and Sony.  And while these entities have yet to prove their security competence, they have the advantage of money on their side.

LulzSec arguably is costing Sony what could amount to billions in financial damages.  It thus seems only a matter of time before Sony swallows its pride and tries to hire security professionals to strike back.

So far LulzSec has only seen incompetent attacks, such as an attempt to SQL inject the group's static pages on  The group posted via Twitter:

Someone is trying to SQL inject our static pages on - we can see you trying it, you are really embarrassing yourself. <3

Shortly thereafter they DDOSed the attacker IP.

But, according to some, LulzSec is burning through whatever community sympathy it generated by publishing user names and passwords, which it stole from Sony.  Such actions -- particularly the group's decision to publish private information on innocent gamers and elderly contest entrants -- may eventually provoke retaliation from the broader hacker community as well, which is already a bit annoyed at LulzSec for trying to DDOS the servers of veteran hacker publication 2600 and flame-baiting anti-terrorist veteran hacker th3j35t3r ("The Jester") on Twitter.

The group remains as defiant as ever.  And as usual they're not talking to the media (or "fucking media bullshit" in their words).  That silence combined with the overeagerness of online media means that this won't likely be the last time the story gets confused.  For now the LulzSec "ship" sails on.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: hah
RE: hah
By Spuke on 6/6/2011 11:39:04 PM , Rating: 2
This is really getting funny AND embarrassing for Sony.

RE: hah
By SandmanWN on 6/7/2011 1:15:43 AM , Rating: 5
I find it more embarrassing for the people doing this. While the tech savvy of other nations grow up hacking western countries for information on how to evolve their industry through whatever means necessary and stealing all the information they can get their hands on, the pathetic youth of western countries are too busy hacking a gaming company, or searching for UFO's on public military websites, or simply wasting away playing a gaming console.

RE: hah
By Aloonatic on 6/7/2011 5:51:28 AM , Rating: 2
I'm just wondering who the kids that live in the nation with the most advanced tech in the world should be hacking for information? China to find decades old stealth information? India for old rocket and nuke tech?

I'm not saying that I support what they are doing by the way, but it seems unfair to praise foreign hackers who actually have something meaningful to go after when hacking the US/West and to compare them to hackers in the US/West who might hack into China or wherever, but what's the point?

Sony is more than just a gaming company too. It's annual turnover is probably larger than many countries GDP. It has a global presence and it's actions are probably felt by more people than those of most governments around the world too.

RE: hah
By Strunf on 6/7/2011 7:18:11 AM , Rating: 2
China is today competing with western countries for resources, knowing with which country they are making deals and the extent of them would be of most interest to many.

RE: hah
By nafhan on 6/7/2011 10:47:46 AM , Rating: 2
They don't necessarily have to be stealing military secrets to be beneficially utilizing their skill sets. I think he was making the point that the Chinese hackers are doing something that benefits their people, while these guys are just wasting their time and skills to annoy and inconvenience a large consumer electronics manufacturer and it's customers.

RE: hah
By Aloonatic on 6/7/2011 1:27:56 PM , Rating: 2
I get the point.

My point is that it is one thing to expect hackers to hack into the DoD, NASA or whoever and steal info on the latest stealth fighters and such. It's another to expect US/Western hackers to be interested in hacking into China to find out who they are trading with and find quarterly accounting reports etc.

Yes, the information might be equally valuable, but it's hardly interesting or the sort of thing that anyone starts hacking for, so I don't blame US/Western hackers for not bothering with such things and going after the more interesting information held by their own governments.

It seems pretty petty to criticise western hackers for this IMHO, but there you go.

Anyway, if US/Western government and the people who vote for and fund them want US/Western hackers to employ their skillz more beneficially, then pay them to. Why you expect hackers to do this for free to benefit you and your government seems a silly notion too. Why shouldn't they go after what they feel is interesting? That's all that foreign hackers will be doing, unless they are being employed by the state, and then it's a different matter entirely.

RE: hah
By nafhan on 6/7/2011 4:52:17 PM , Rating: 2
I agree with the sentiment. Further, I'd be surprised if Chinese hackers were doing all that out of love and patriotism for their motherland (or whatever). There's probably support at some level from the Chinese government.

RE: hah
By SandmanWN on 6/9/2011 12:13:54 AM , Rating: 2
Clearly you missed the point. The point, may I add since it flew straight over your head, is that this is a complete waste of talent and skill. The comparison isn't targets of opportunity but the desire and want of knowledge rather than a teenagers hurt feelings over the big bad corporations that they took their lollipops.

That was the zooming sound your heard buzzing around your head when you typed two completely misguided posts.

RE: hah
By infidel01 on 6/7/2011 1:26:16 PM , Rating: 2
So what, your saying these people are not bad people beacuse they are hacking but they are bad people as they are not hacking for the goals you would? Or for the same goals other people are?

RE: hah
By SandmanWN on 6/9/2011 12:07:44 AM , Rating: 2
you've tried to place words in my mouth and have done little more than confused yourself. If you want my opinion, ask. Of the two wastes to society, the west has the best of the worst. Got it boy genius?

RE: hah
By icanhascpu on 6/9/2011 10:40:23 PM , Rating: 1
1. Not everyone in the west fits your little description
2. If you dont think other nations hackers are do'n the same sort of shit on smaller scales, you're a fool.

The only embarrassing thing about this is what you've managed to convince yourself.

RE: hah
By B3an on 6/7/2011 5:38:14 AM , Rating: 1
It got funny and embarrassing a long time ago.

"I mean, if you wanna break down someone's door, why don't you start with AT&T, for God sakes? They make your amazing phone unusable as a phone!" -- Jon Stewart on Apple and the iPhone

Most Popular ArticlesAre you ready for this ? HyperDrive Aircraft
September 24, 2016, 9:29 AM
Leaked – Samsung S8 is a Dream and a Dream 2
September 25, 2016, 8:00 AM
Yahoo Hacked - Change Your Passwords and Security Info ASAP!
September 23, 2016, 5:45 AM
A is for Apples
September 23, 2016, 5:32 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki