LulzSec strikes back
The LulzSec lulzboat is setting sail once again.
Originally conceived as a time-limited collaboration of hackers and hactivists active between May and July of 2011, LulzSec attacked security sites like HB Gary, the C.I.A., and even Sony in what the group called the “50 Day Cruise.” Once the 50 days were up, LulzSec went out in typical flamboyant style, posting a lengthy farewell to Pastebin.
After that, the group officially disbanded, but that didn’t stop sympathizers and supporters from Anonymous, among other groups, from continuing security-focused actions under the banner of AntiSec.
At the end of July the police swooped down and arrested a number of people around the world in association with these and other hacks. Jake Davis, also known as Topiary, was arrested and charged with taking part in illegal hacks. He allegedly ran the Twitter account for LulzSec, which has not been active since his arrest.
Cut to a few weeks ago when what’s alleged to be the remainder of full crew of six original LulzSec members were rounded up by the FBI. LulzSec’s leader, 28-year-old Hector “Sabu” Monsegur, had been an FBI informant throughout much of the past year, including possibly much of the lifespan of LulzSec, though some members were aware of that possibility.
The revelation that Monsegur, their ostensible leader, was an informant caused AntiSec to fall into disarray. But not forever.
Rumours started circling Twitter in earlier this month that LulzSec was on the comeback trail, with a rumored launch planned for April 1. Naturally, for any Anonymous-aligned group, the possibility that it was just a prank—all for the lulz—could not be ruled out.
On Tuesday, several days short of the expected return, LulzSec announced its apparent return in the form of LulzSecReborn and trumpeted two completed actions.
MilitarySingles.com was hacked and its users’ information posted to Pastebin and other sites—170,000 accounts’ worth of data in total. Since user passwords are encrypted there, it’s likely the accounts were not compromised. After the CEO boasted to the Los Angeles Times that the website was safe from hackers, it was defaced with nyan cat and the Lulz Sir mascot, and now reads, “LulzSec is SB,Fuck!“
CSSCorp.com, a global IT services company, was also hacked and doxed, although the website seems to have recovered. In that case, passwords were not encrypted; thus, user accounts were, and remain, truly vulnerable until users change their passwords. Interestingly, LulzSecReborn warned the company not to challenge it, saying, “admins from csscorp I know that you are smarter then the others please don't search for proof we will delete your whole database... “
Not everyone in the hacktivist world is supportive of this new group, to say the least. DiscordiAnon tweeted, “people should not reuse the name of LulzSec, have some FUCKING respect for Topiary.”
One can only imagine what the other group, the “original LulzSec 2.0,” is still planning for April 1. This could be an attempt by LulzSecReborn to pre-empt and thus neutralize whatever was going to happen April 1. One thing we have all learned this past year: It never pays to piss off a hacker collective.