About thirteen hours prior to the writing of this piece, a very special surprise ‘booty’ was dropped by the infamous hacker group LulzSec, over Twitter. The ‘50 Days of Lulz’ statement and the accompanying torrent link with their last bountiful booty of 812,000 emails, AOL and AT&T internal data and some other random information hacked off several servers, signified the end of the six-man self-appointed hacktivist group.
Their almost poetic farewell message was all about saying how much they cared about the very people they chose to disrupt, and how the world is a better place now since they have shown how a common man can spread anarchy so easily (emphasis added):-
We are Lulz Security, and this is our final release, as today marks something meaningful to us.
For the past 50 days we’ve been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could. All to selflessly entertain others – vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love. The raw, uninterrupted, chaotic thrill of entertainment and anarchy. It’s what we all crave, even the seemingly lifeless politicians and emotionless, middle-aged self-titled failures. You are not failures. You have not blown away. You can get what you want and you are worth having it, believe in yourself.
While we are responsible for everything that The Lulz Boat is, we are not tied to this identity permanently. Behind this jolly visage of rainbows and top hats, we are people. People with a preference for music, a preference for food; we have varying taste in clothes and television, we are just like you.
Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.
So with those last thoughts, it’s time to say bon voyage. Our planned 50 day cruise has expired, and we must now sail into the distance…
Extremely magnanimous of these fellows, is it not? These fine gentlemen showed us that a small bunch of people could bring the world down to its knees, all through open exploits and SQL vulnerabilities that anyone can search for from the comforts of their establishments.
I would have tapped my hat respectfully at LulzSec if I did not know more about the entire debacle of the past fifty days.
Actually, no, I would not have tapped my hat respectfully at LulzSec at all. If I did, my name would be OddJob and I would be throwing my hat at them. Why? Because LulzSec was never a hacker group; it was a group that used to search for known exploits online, and then use them to take down, deface and otherwise maim a server or a company. In the event that there was no known exploit, they would rely on Distributed Denial of Service (DDoS) attacks using the Low Orbit Ion Cannon (LOIC) to take down a website. All of this in the name of ‘lulz’ and, later, the antisec/Wikileaks movement.
The group came into prominence when they stole extremely sensitive information from Sony’s PlayStation Network that led to the great downtime of PSN. They claimed this was a retaliatory attack for the legal action taken by Sony against George Hotz, who developed the jailbreak for the PlayStation 3 console. Releasing this information to the public alienated the group from many PSN users, including this writer. Having a vulnerability in a corporate network is entirely Sony’s fault, but the correct way to go about it would be to tell Sony confidentially, and in return reap the rewards in green colored paper.
As if that was not enough, the group decided it would be fun to DDoS many multiplayer gaming websites, including Minecraft, and disrupted the login servers of the massively multiplayer game EVE: Online, resulting in problems for gamers who would be enjoying a relaxing game on any other day. By this point, it became apparent that LulzSec were a bunch of attention seekers with no real hacking skills. Except, they ended up striking some easy gold by attacking the FBI affiliate site InfraGard.
Many releases of LulzSec after this incident harped upon the term ‘antisec’, and encouraged fans to disrupt the white-hat paradigms of today: Net Security (netsec) companies routinely look for holes in a web server. In the event they find one, the netsec company tells the owner of the server about the exploit and threatens full disclosure of the exploit to the internet if the company does not hire the netsec to fix the hole. If the company refuses to do so, the netsec releases the exploit to many online repositories such as Bugtraq and SecurityFocus. This was seen as exploitation of companies by greedy individuals, and the antisec movement was formed as a means to censor the publication of these exploits on the public internet by security companies.
However, the question ‘so, why shut shop all of a sudden?’ begs an answer. For everyone following the Twitter feed of LulzSec, the Lulz Boat had been sailing admirably for the past fifty days, right?
Actually, no. The random releases of data and disruption of innocent cyber life caught the attention of gray-hat hacktivist The Jester, commonly known by his l337 handle ‘th3j35t3r’. th3j35t3r was behind the XerXeS Denial of Service tool against Jihadists, and is for all intents and purposes a cyber vigilante whose superpower is hacking and tweeting ‘TANGO DOWN’ whenever he takes down a website. He also claimed responsibility for taking down Wikileaks and the Westboro Baptist Church websites.
Now, th3j35t3r threatened to ‘d0x’ (release personally identifiable information about) the members of LulzSec, starting with the alleged leader Sabu. However, it was later disproved that th3j35t3r did the d0xing as is evident from this raw data. This was the start of the Lulz Boat’s sinking.
Eventually, The A-Team, another group of hackers, managed to get the personal information of the entire group via a network of spies and deception on their Internet Relay Chat (IRC) channels. It is unclear at this point whether th3j35t3r was involved with the A-Team, but key pieces of data might have been supplied by him to the A-Team. The release was about a day prior to their announcement that they are calling it quits.
Next question: ‘how are you so sure that these are the real names and addresses of LulzSec?’ Good question, reader. It is true that I cannot prove that these people were connected to LulzSec based on an anonymous pastebin text. However, I can prove by the method of induction that the d0xing was correct.
So it is safe to say that the LulzBoat decided to find the nearest harbor to crash into and scamper away once the infighting and bragging led to the release of their personal information. For the most part it was evident that the group did not know much about hacking at all, relying on script-kiddie methods of cracking a web server, and, if that failed, DDoS-ing the website to take it down in the name of ‘lulz’. What they have managed to do in all this mess is to let many companies cry havoc and let loose the dogs of war.
Instead of stalling the efforts of netsec companies and their exploitation in the name of security, LulzSec has strengthened netsec companies’ argument that anybody can use the exploits they release. Thus server owners should pay netsec companies to fix the exploit before they release it to the internet.
LulzSec has torn far more holes than it knows how to fix, and by this time the FBI is on their tails. I think they made a pretty rational, but bumbling, move of shutting shop. The internet could have done well without these faux hacktivists. The repercussions of these attacks would probably hit the members real hard. Let’s hope that the internet censorship debate does not take into account the actions of this idiotic group of hackers.
For all we know, these people are effectively destroying the open internet, not the governments.
Hey LulzSec, GTFO, n00bs.