- How to stream Barcelona vs. Real Betis Saturday 11:31 PM
- How to stream Tottenham Hotspur vs. Newcastle Saturday 11:21 PM
- All of the ‘Avengers: Endgame’ Easter eggs discovered by fans Saturday 6:52 PM
- Every big announcement made at D23 about Disney+ Saturday 6:33 PM
- The best haunted house movies to watch online in 2019 Saturday 4:13 PM
- Andy Ngo seen laughing as Patriot Prayer members plan an attack in newly emerged video Saturday 3:59 PM
- How to stream Manchester City vs. Bournemouth Saturday 3:25 PM
- Catholic priest allegedly spent church money on Grindr hookups Saturday 3:04 PM
- Nicolás Maduro’s English Twitter account was suspended with no public explanation Saturday 2:06 PM
- Man claims ex-girlfriend killed his dog after he broke up with her Saturday 1:02 PM
- What are BitTorrent downloads and how do they work? Saturday 12:58 PM
- ICE cuts the cord on real immigrant hotline after being featured in ‘Orange Is the New Black’ (updated) Saturday 10:49 AM
- The 10 best music podcasts for artist interviews and criticism in 2019 Saturday 10:41 AM
- How a socialist Twitch streamer landed in a feud with Dan Crenshaw Saturday 10:07 AM
- How to prepare for your fantasy football draft (and season) Saturday 9:00 AM
LulzSec strikes back
April Fools’ Day came early this year with the return of the hacker collective known as LulzSec.
The LulzSec lulzboat is setting sail once again.
Originally conceived as a time-limited collaboration of hackers and hactivists active between May and July of 2011, LulzSec attacked security sites like HB Gary, the C.I.A., and even Sony in what the group called the “50 Day Cruise.” Once the 50 days were up, LulzSec went out in typical flamboyant style, posting a lengthy farewell to Pastebin.
After that, the group officially disbanded, but that didn’t stop sympathizers and supporters from Anonymous, among other groups, from continuing security-focused actions under the banner of AntiSec.
At the end of July the police swooped down and arrested a number of people around the world in association with these and other hacks. Jake Davis, also known as Topiary, was arrested and charged with taking part in illegal hacks. He allegedly ran the Twitter account for LulzSec, which has not been active since his arrest.
Cut to a few weeks ago when what’s alleged to be the remainder of full crew of six original LulzSec members were rounded up by the FBI. LulzSec’s leader, 28-year-old Hector “Sabu” Monsegur, had been an FBI informant throughout much of the past year, including possibly much of the lifespan of LulzSec, though some members were aware of that possibility.
The revelation that Monsegur, their ostensible leader, was an informant caused AntiSec to fall into disarray. But not forever.
Rumours started circling Twitter in earlier this month that LulzSec was on the comeback trail, with a rumored launch planned for April 1. Naturally, for any Anonymous-aligned group, the possibility that it was just a prank—all for the lulz—could not be ruled out.
On Tuesday, several days short of the expected return, LulzSec announced its apparent return in the form of LulzSecReborn and trumpeted two completed actions.
MilitarySingles.com was hacked and its users’ information posted to Pastebin and other sites—170,000 accounts’ worth of data in total. Since user passwords are encrypted there, it’s likely the accounts were not compromised. After the CEO boasted to the Los Angeles Times that the website was safe from hackers, it was defaced with nyan cat and the Lulz Sir mascot, and now reads, “LulzSec is SB,Fuck!“
CSSCorp.com, a global IT services company, was also hacked and doxed, although the website seems to have recovered. In that case, passwords were not encrypted; thus, user accounts were, and remain, truly vulnerable until users change their passwords. Interestingly, LulzSecReborn warned the company not to challenge it, saying, “admins from csscorp I know that you are smarter then the others please don’t search for proof we will delete your whole database… “
Not everyone in the hacktivist world is supportive of this new group, to say the least. DiscordiAnon tweeted, “people should not reuse the name of LulzSec, have some FUCKING respect for Topiary.”
One can only imagine what the other group, the “original LulzSec 2.0,” is still planning for April 1. This could be an attempt by LulzSecReborn to pre-empt and thus neutralize whatever was going to happen April 1. One thing we have all learned this past year: It never pays to piss off a hacker collective.
Lorraine Murphy is an Ottawa-based cybersecurity journalist and founding editor of the Cryptosphere. She has a keen interest in WikiLeaks and web culture, and her bylines have appeared in Salon, Vanity Fair, Serious Eats, and elsewhere.