- Iconic 1968 drag documentary ‘The Queen’ finally released on Netflix Friday 9:29 PM
- This TikTok account for Chancellor Palpatine is hilarious Friday 8:43 PM
- Did the Space Force logo rip off Star Trek? Friday 6:24 PM
- Disabled people with service dogs say Uber, Lyft drivers are denying them rides Friday 3:25 PM
- TikTok teen famous for greasy hair ends her 8-year reign Friday 2:48 PM
- Police handcuff brown man at subway station for carrying a toy gun Friday 1:20 PM
- Fake clip of Sanders quoting infamous ‘hot chip’ tweet is duping people online Friday 1:16 PM
- The Mars Volta’s Cedric Bixler-Zavala alleges Scientologists behind dog’s death Friday 12:46 PM
- Eminem responds to critics: ‘This album was not made for the squeamish’ Friday 12:42 PM
- ‘The poet, the poem’ meme takes iconic lines and turns them into art Friday 12:40 PM
- People are making dark memes about the coronavirus Friday 12:27 PM
- Trump camp’s ‘head on a pike’ impeachment threat hit with memes Friday 11:34 AM
- What is the #FreeBritney movement, and why is Cher tweeting about it? Friday 10:52 AM
- This YouTuber claims the Saudi government plotted to kidnap him on U.S. soil Friday 10:30 AM
- Report: Jack Dorsey declined to host a fundraiser for Tulsi Gabbard Friday 10:22 AM
LulzSec strikes back
April Fools’ Day came early this year with the return of the hacker collective known as LulzSec.
The LulzSec lulzboat is setting sail once again.
Originally conceived as a time-limited collaboration of hackers and hactivists active between May and July of 2011, LulzSec attacked security sites like HB Gary, the C.I.A., and even Sony in what the group called the “50 Day Cruise.” Once the 50 days were up, LulzSec went out in typical flamboyant style, posting a lengthy farewell to Pastebin.
After that, the group officially disbanded, but that didn’t stop sympathizers and supporters from Anonymous, among other groups, from continuing security-focused actions under the banner of AntiSec.
At the end of July the police swooped down and arrested a number of people around the world in association with these and other hacks. Jake Davis, also known as Topiary, was arrested and charged with taking part in illegal hacks. He allegedly ran the Twitter account for LulzSec, which has not been active since his arrest.
Cut to a few weeks ago when what’s alleged to be the remainder of full crew of six original LulzSec members were rounded up by the FBI. LulzSec’s leader, 28-year-old Hector “Sabu” Monsegur, had been an FBI informant throughout much of the past year, including possibly much of the lifespan of LulzSec, though some members were aware of that possibility.
The revelation that Monsegur, their ostensible leader, was an informant caused AntiSec to fall into disarray. But not forever.
Rumours started circling Twitter in earlier this month that LulzSec was on the comeback trail, with a rumored launch planned for April 1. Naturally, for any Anonymous-aligned group, the possibility that it was just a prank—all for the lulz—could not be ruled out.
On Tuesday, several days short of the expected return, LulzSec announced its apparent return in the form of LulzSecReborn and trumpeted two completed actions.
MilitarySingles.com was hacked and its users’ information posted to Pastebin and other sites—170,000 accounts’ worth of data in total. Since user passwords are encrypted there, it’s likely the accounts were not compromised. After the CEO boasted to the Los Angeles Times that the website was safe from hackers, it was defaced with nyan cat and the Lulz Sir mascot, and now reads, “LulzSec is SB,Fuck!“
CSSCorp.com, a global IT services company, was also hacked and doxed, although the website seems to have recovered. In that case, passwords were not encrypted; thus, user accounts were, and remain, truly vulnerable until users change their passwords. Interestingly, LulzSecReborn warned the company not to challenge it, saying, “admins from csscorp I know that you are smarter then the others please don’t search for proof we will delete your whole database… “
Not everyone in the hacktivist world is supportive of this new group, to say the least. DiscordiAnon tweeted, “people should not reuse the name of LulzSec, have some FUCKING respect for Topiary.”
One can only imagine what the other group, the “original LulzSec 2.0,” is still planning for April 1. This could be an attempt by LulzSecReborn to pre-empt and thus neutralize whatever was going to happen April 1. One thing we have all learned this past year: It never pays to piss off a hacker collective.
Lorraine Murphy is an Ottawa-based cybersecurity journalist and founding editor of the Cryptosphere. She has a keen interest in WikiLeaks and web culture, and her bylines have appeared in Salon, Vanity Fair, Serious Eats, and elsewhere.