LulzSec

1
LulzSec
Lulz Security
Lulz Security logo
Abbreviation LulzSec
Motto "The world's leaders in high-quality entertainment at your expense", "Laughing at your security since 2011"
Formation May 2011
Type Hacking
Membership 11
Leader Sabu
Affiliations Anonymous, LulzRaft, AntiSec
Volunteers 7
Lulz Security, commonly abbreviated as LulzSec, was a black hat computer hacker group that claimed
responsibility for several high profile attacks, including the compromise of user accounts from Sony Pictures in
2011. The group also claimed responsibility for taking the CIA website offline. Some security professionals have
commented that LulzSec has drawn attention to insecure systems and the dangers of password reuse. It has gained
attention due to its high profile targets and the sarcastic messages it has posted in the aftermath of its attacks. One of
the founders of LulzSec was a computer security specialist who used the online moniker Sabu. The man accused of
being Sabu has helped law enforcement track down other members of the organization as part of a plea deal. At least
four associates of LulzSec were arrested in March 2012 as part of this investigation. British authorities had
previously announced the arrests of two teenagers they allege are LulzSec members T-flow and Topiary.
At just after midnight (BST, UT+01) on 26 June 2011, LulzSec released a "50 days of lulz" statement, which they
claimed to be their final release, confirming that LulzSec consisted of six members, and that their website is to be
shut down. This breaking up of the group was unexpected. The release included accounts and passwords from many
different sources. Despite claims of retirement, the group committed another hack against newspapers owned by
News Corporation on 18 July, defacing them with false reports regarding the death of Rupert Murdoch. The group
helped launch Operation AntiSec, a joint effort involving LulzSec, Anonymous, and other hackers.
Background and history
A federal indictment against members contends that, prior to forming the hacking collective known as LulzSec, the
six members were all part of another collective called Internet Feds, a group in rivalry with Anonymous. Under this
name, the group attacked websites belonging to Fine Gael, HBGary, and Fox Broadcasting Company. This includes
the alleged incident in which e-mail messages were stolen from HBGary accounts. In May 2011, following the
publicity surrounding the HBGary hacks, six members of Internet Feds founded the group LulzSec.
The group's first recorded attack was against Fox.com's website, though they still may have been using the name
Internet Feds at the time. It claimed responsibility for leaking information, including passwords, altering several
employees' LinkedIn profiles, and leaking a database of X Factor contestants containing contact information of
73,000 contestants. They claimed to do so because the rapper Common had been referred to as "vile" on air.
LulzSec drew its name from the neologism "lulz", (from lol), "laughing out loud", which represents laughter, and
"Sec", short for "Security". The Wall Street Journal characterized its attacks as closer to Internet pranks than serious
cyber-warfare, while the group itself claimed to possess the capability of stronger attacks. It gained attention in part
due to its brazen claims of responsibility and lighthearted taunting of corporations that were hacked. It frequently
LulzSec
2
referred to Internet memes when defacing websites. The group emerged in May 2011, and successfully attacked
websites of several major corporations. It specialized in finding websites with poor security, stealing and posting
information from them online. It used well-known straightforward methods, such as SQL injection, to attack its
target websites. Several media sources have described their tactics as grey hat hacking. Members of the group may
have been involved in a previous attack against the security firm HBGary.
The group used the motto "Laughing at your security since 2011!" and its website, created in June 2011, played the
theme from The Love Boat. It announced its exploits via Twitter and its own website, often accompanied with
lighthearted ASCII art drawings of boats. Its website also included a Bitcoin donation link to help fund its activities.
Ian Paul of PC World wrote that, "As its name suggests, LulzSec claims to be interested in mocking and
embarrassing companies by exposing security flaws rather than stealing data for criminal purposes."
[1]
The group
was also critical of white hat hackers, claiming that many of them have been corrupted by their employers.
Some in the security community contended that the group raised awareness of the widespread lack of effective
security against hackers. They were credited with inspiring LulzRaft, a group implicated in several high-profile
website hacks in Canada.
In June 2011 the group took suggestions for sites to hit with denial-of-service attacks. The group redirected
telephone numbers to different customer support lines, including the line for World of Warcraft, magnets.com, and
the FBI Detroit office. The group claimed this sent five to 20 calls per second to these sources, overwhelming their
support officers. On 24 June 2011, The Guardian released leaked logs of one of the group's IRC chats, revealing that
the core group was a small group of hackers with a leader Sabu who exercised large control over the group's
activities. It also revealed that the group had connections with Anonymous, though was not formally affiliated with
it. Some LulzSec members had once been prominent Anonymous members, including member Topiary.
At just after midnight (GMT) on 26 June 2011, LulzSec released a "50 days of lulz" statement, which they claimed
to be their final release, confirming that LulzSec consisted of six members, and that their website was to be taken
down. The group claimed that they had planned to be active for only fifty days from the beginning. "We're not
quitting because we're afraid of law enforcement. The press are getting bored of us, and we're getting bored of us," a
group member said in an interview to The Associated Press. Members of the group were reported to have joined with
Anonymous members to continue the AntiSec operation. However, despite claiming to retire, the group remained in
communication as it attacked the websites of British newspapers The Times and The Sun on 18 July, leaving a false
story on the death of owner Rupert Murdoch.
Former members and associates
LulzSec consisted of seven core members. The online handles of these seven were established through various
attempts by other hacking groups to release personal information of group members on the internet, leaked IRC logs
published byThe Guardian, and through confirmation from the group itself.
Sabu One of the group's founders, who seemed to act as a kind of leader for the group, Sabu would often decide
what targets to attack next and who could participate in these attacks. He may have been part of the Anonymous
group that hacked HBGary. Various attempts to release his real identity have claimed that he is an information
technology consultant with the strongest hacking skills of the group and a knowledge of the Python programming
language. It was thought that Sabu was involved in the media outrage cast of 2010 using the skype
"anonymous.sabu" Sabu was arrested in June 2011 and identified as a 29-year old unemployed man from New
Yorks Lower East Side. On 15 August, he pleaded guilty to several hacking charges and agreed to cooperate with
the FBI. Over the following seven months he successfully unmasked the other members of the group. Sabu was
identified by Backtrace Security as Hector Montsegur on 11 March 2011 in a PDF publication named "Namshub."
[2]
Topiary Topiary was also a suspected former member of the Anonymous, where he used to perform media
relations, including hacking the website of the Westboro Baptist Church during a live interview. Topiary ran the
LulzSec
3
LulzSec Twitter account on a daily basis; following the announcement of LulzSec's dissolution, he deleted all the
posts on his Twitter page, except for one, which stated: "You cannot arrest an idea". Police arrested a man from
Shetland, United Kingdom suspected of being Topiary on 27 July 2011. The man was later identified as Jake
Davis and was charged with five counts, including unauthorized access of a computer and conspiracy. He was
indicted on conspiracy charges on 6 March 2012.
Kayla/KMS Ryan Ackroyd of London, and another unidentified individual known as "lol" or "Shock.ofgod" in
LulzSec chat logs. Kayla owned a botnet used by the group in their distributed denial-of-service attacks. The
botnet is reported to have consisted of about 800,000 infected computer servers. Kayla was involved in several
high-profile attacks under the group "gn0sis". Kayla also may have participated in the Anonymous operation
against HBGary. Kayla reportedly wiretapped 2 CIA agents in an anonymous operation. Kayla was also involved
in the 2010 media outrage under the Skype handle "Pastorhoudaille". Kayla is suspected of having been
something of a deputy to Sabu and to have found the vulnerabilities that allowed LulzSec access to the United
States Senate systems. One of the men behind the handle Kayla was identified as Ryan Ackroyd of London,
arrested, and indicted on conspiracy charges on 6 March 2012.
Tflow (Real name: Mustafa Al-Bassam) The fourth founding member of the group identified in chat logs,
attempts to identify him have labelled him a PHP coder, web developer, and performer of scams on PayPal. The
group placed him in charge of maintenance and security of the group's website lulzsecurity.com. London
Metropolitan Police announced the arrest of a 16-year-old hacker going by the handle Tflow on 19 July 2011.
Avunit He is one of the core seven membersWikipedia:Citation needed of the group, but not a founding
member. He left the group after their self-labelled "Fuck the FBI Friday". He was also affiliated with Anonymous
AnonOps HQ. Avunit is the only one of the core seven members that has not been identified.
Pwnsauce Pwnsauce joined the group around the same time as Avunit and became one of its core members. He
was identified as Darren Martyn of Ireland and was indicted on conspiracy charges on 6 March 2012. The Irish
national worked as a local chapter leader for the Open Web Application Security Project, resigning one week
before his arrest.
Palladium Identified as Donncha O'Cearbhaill of Ireland, he was indicted on conspiracy on 6 March 2012.
Anarchaos Identified as Jeremy Hammond of Chicago, he was arrested on access device fraud and hacking
charges. He was also charged with a hacking attack on the U.S. security company Stratfor in December 2011. He
is said to be a member of Anonymous.
joepie91 The handle used by Sven Slootweg of the Netherlands, a leading activist within Anonymous and
owner of AnonNews.org.
[3]
joepie91 is charted as the most active member of the LulzSec IRC channel, and core
members of LulzSec interacted with him more often than with each other, but he is not known to have directly
participated in any of LulzSec's hacking operations.
Ryan Cleary, who sometimes used the handle ViraL. Cleary faced a sentence of 32 months in relation to attacks
against the US Air Force and others.
Other members still may be active as to this time, they have not yet been identified.
Ideology
. /$$ /$$ /$$$$$$
.| $$ | $$ /$$__ $$
.| $$ /$$ /$$| $$ /$$$$$$$$| $$ \__/ /$$$$$$ /$$$$$$$
.| $$ | $$ | $$| $$|____ /$$/| $$$$$$ /$$__ $$ /$$_____/
.| $$ | $$ | $$| $$ /$$$$/ \____ $$| $$$$$$$$| $$
.| $$ | $$ | $$| $$ /$$__/ /$$ \ $$| $$_____/| $$
.| $$$$$$$$| $$$$$$/| $$ /$$$$$$$$| $$$$$$/| $$$$$$$| $$$$$$.$
.|________/ \______/ |__/|________/ \______/ \_______/ \_______/
//Laughing at your security since 2011!
LulzSec
4
+
__
)| ________________________.------,_ _
_/o|_____/ ,____________.__;__,__,__,__,_Y...:::---===````// #anonymous
|==========\ ; ; ; ; ; \__,__\__,_____ --__,-.\ OFF (( #anarchists
`----------|__,__/__,__/__/ )=))~(( '-\ THE \\ #antisec
\ ==== \ \\~~\\ \ PIGS \\ #lulzsec
`| === | ))~~\\ ```"""=,)) #fuckfbifriday
| === | |'---') #chingalamigra
/ ==== / `====='
------
An ASCII graphic used by the group in its Chinga La Migra torrent, an associated statement, and also appearing in
press coverage.
LulzSec did not appear to hack for financial profit, claiming their main motivation was to have fun by causing
mayhem. They did things "for the lulz" and focused on the possible comedic and entertainment value of attacking
targets. The group occasionally claimed a political message. When they hacked PBS, they stated they did so in
retaliation for what they perceived as unfair treatment of Wikileaks in a Frontline documentary entitled WikiSecrets.
A page they inserted on the PBS website included the title "FREE BRADLEY MANNING. FUCK FRONTLINE!"
The 20 June announcement of "Operation Anti-Security" contained justification for attacks on government targets,
citing supposed government efforts to "dominate and control our Internet ocean" and accusing them of corruption
and breaching privacy. The news media most often described them as grey hat hackers.
Karim Hijazi, CEO of security company Unveillance, accused the group of blackmailing him by offering not to
attack his company or its affiliates in exchange for money. LulzSec responded by claiming that Hijazi offered to pay
them to attack his business opponents and that they never intended to take any money from him. LulzSec has denied
responsibility for misuse of any of the data they breached and released. Instead, they placed the blame on users who
reused passwords on multiple websites and on companies with inadequate security in place.
In June 2011, the group released a manifesto outlining why they performed hacks and website takedowns, reiterating
that "we do things just because we find it entertaining" and that watching the results can be "priceless". They also
claimed to be drawing attention to computer security flaws and holes. They contended that many other hackers
exploit and steal user information without releasing the names publicly or telling people they may possibly have
been hacked. LulzSec said that by releasing lists of hacked usernames or informing the public of vulnerable
websites, it gave users the opportunity to change names and passwords elsewhere that might otherwise have been
exploited, and businesses would be alarmed and would upgrade their security.
The group's latest attacks have had a more political tone. They claimed to want to expose the "racist and corrupt
nature" of the military and law enforcement. They have also expressed opposition to the War on Drugs. Lulzsec's
Operation Anti-Security was characterized as a protest against government censorship and monitoring of the internet.
In a question and answer session with BBC Newsnight, LulzSec member Whirlpool (AKA: Topiary) said,
"Politically motivated ethical hacking is more fulfilling". He claimed the loosening of copyright laws and the
rollback of what he sees as corrupt racial profiling practices as some of the group's goals.
LulzSec
5
Initial targets
The group's first attacks came in May 2011. Their first recorded target was Fox.com, which they retaliated against
after they called Common, a rapper and entertainer, "vile" on the Fox News Channel. They leaked several
passwords, LinkedIn profiles, and the names of 73,000 X Factor contestants. Soon after on 15 May, they released the
transaction logs of 3,100 Automated Teller Machines in the United Kingdom. In May 2011, members of Lulz
Security gained international attention for hacking into the American Public Broadcasting System (PBS) website.
They stole user data and posted a fake story on the site which claimed that Tupac Shakur and Biggie Smalls were
still alive and living in New Zealand. In the aftermath of the attack, CNN referred to the responsible group as the
"Lulz Boat".
Lulz Security claimed that some of its hacks, including its attack on PBS, were motivated by a desire to defend
WikiLeaks and Bradley Manning. A Fox News report on the group quoted one commentator, Brandon Pike, who
claimed that Lulz Security was affiliated with the hacktivist group Anonymous. Lulz Security claimed that Pike had
actually hired it to hack PBS. Pike denied the accusation and claimed it was leveled against him because he said Lulz
Security was a splinter of Anonymous.
In June 2011, members of the group claimed responsibility for an attack against Sony Pictures that took data that
included "names, passwords, e-mail addresses, home addresses and dates of birth for thousands of people." The
group claimed that it used a SQL injection attack, and was motivated by Sony's legal action against George Hotz for
jailbreaking into the PlayStation 3. The group claimed it would launch an attack that would be the "beginning of the
end" for Sony. Some of the compromised user information was subsequently used in scams. The group claimed to
have compromised over 1,000,000 accounts, though Sony claimed the real number was around 37,500.
Corporate attacks
Lulz Security attempted to hack into Nintendo, but both the group and Nintendo itself report that no particularly
valuable information was found by the hackers. LulzSec claimed that it did not mean to harm Nintendo, declaring:
"We're not targeting Nintendo. We like the N64 too much we sincerely hope Nintendo plugs the gap."
On 11 June, reports emerged that LulzSec hacked into and stole user information from the pornography website
www.pron.com. They obtained and published around 26,000 e-mail addresses and passwords. Among the
information stolen were records of two users who subscribed using email addresses associated with the Malaysian
government, three users who subscribed using United States military email addresses and 55 users who LulzSec
claimed were administrators of other adult-oriented websites. Following the breach, Facebook locked the accounts of
all users who had used the published e-mail addresses, and also blocked new Facebook accounts opened using the
leaked e-mail addresses, fearing that users of the site would get hacked after LulzSec encouraged people to try and
see if these people used identical user name and password combinations on Facebook as well.
LulzSec hacked into the Bethesda Game Studios network and posted information taken from the network onto the
Internet, though they refrained from publishing 200,000 compromised accounts. LulzSec posted to Twitter regarding
the attack, "Bethesda, we broke into your site over two months ago. We've had all of your Brink users for weeks,
Please fix your junk, thanks!"
On 14 July 2012, LulzSec took down four websites by request of fans as part of their "Titanic Take-down Tuesday".
These websites were Minecraft, League of Legends, The Escapist, and IT security company FinFisher. They also
attacked the login servers of the massively multiplayer online game EVE Online, which also disabled the game's
front-facing website, and the League of Legends login servers. Most of the takedowns were performed with
distributed denial-of-service attacks. On 15 June, LulzSec took down the main server of S2 Games' Heroes of
Newerth as another phone request. They claimed, "Heroes of Newerth master login server is down. They need some
treatment. Also, DotA is better."
LulzSec
6
On 16 June, LulzSec posted a random assortment of 62,000 emails and passwords to MediaFire. LulzSec stated they
released this in return for supporters flooding the 4chan /b/ board. The group did not say what websites the
combinations were for and encouraged followers to plug them into various sites until they gained access to an
account. Some reported gaining access to Facebook accounts and changing images to sexual content and others to
using the Amazon.com accounts of others to purchase several books. Writerspace.com, a literary website, later
admitted that the addresses and passwords came from users of their site.
Government-focused activities
LulzSec claimed to have hacked local InfraGard chapter sites, a non-profit organization affiliated with the FBI. The
group leaked some of InfraGard member e-mails and a database of local users. The group defaced the website
posting the following message, "LET IT FLOW YOU STUPID FBI BATTLESHIPS", accompanied with a video.
LulzSec posted:
"It has come to our unfortunate attention that NATO and our good friend Barrack Osama-Llama
24th-century Obama [sic] have recently upped the stakes with regard to hacking. They now treat
hacking as an act of war. So, we just hacked an FBI affiliated website (Infragard, specifically the Atlanta
chapter) and leaked its user base. We also took complete control over the site and defaced it [...]."
On 9 June, LulzSec sent an email to the administrators of the British National Health Service, informing them of a
security vulnerability discovered in NHS systems. LulzSec stated that they did not intend to exploit this
vulnerability, saying in the email that "We mean you no harm and only want to help you fix your tech issues."
On 13 June, LulzSec released the e-mails and passwords of a number of users of senate.gov
[4]
, the website of the
United States Senate. The information released also included the root directory of parts of the website. LulzSec
stated, "This is a small, just-for-kicks release of some internal data from senate.gov is this an act of war,
gentlemen? Problem?" referencing a recent statement by the Pentagon that some cyberattacks could be considered an
act of war. No highly sensitive information appears in the release.
On 15 June, LulzSec launched an attack on www.cia.gov
[5]
, the public website of the United States Central
Intelligence Agency, taking the website offline with a distributed denial-of-service attack. The website was down
from 5:48pm to 8:00pm eastern time.
On 2 December, an offshoot of LulzSec calling itself LulzSec Portugal, attacked several sites related to the
government of Portugal. The websites for the Bank of Portugal, the Assembly of the Republic, and the Ministry of
Economy, Innovation and Development all became unavailable for a few hours.
Operation Anti-Security
Main article: Operation AntiSec
On 20 June, the group announced it had teamed up with Anonymous for "Operation Anti-Security". They
encouraged supporters to hack into, steal, and publish classified government information from any source while
leaving the term "Antisec" as evidence of their intrusion. Also listed as potential targets were major banks. USA
Today characterized the operation as an open declaration of cyberwarfare against big government and corporations.
Their first target of the operation was the Serious Organised Crime Agency (SOCA), a national law enforcement
agency of the United Kingdom. LulzSec claimed to have taken the website offline at about 11am EST on 20 June
2011, though it only remained down for a few minutes. While the attack appeared to be a DDoS attack, LulzSec
tweeted that actual hacking was taking place "behind the scenes". At about 6:10pm EST on 20 June, SOCA's
website went down yet again. SOCA's website was back online sometime between 20 and 21 June. The website of
the local district government of Jianhua District in Qiqihar, China, was also knocked offline. Early in the morning on
22 June, it was revealed that LulzSec's "Brazilian unit" had taken down two Brazilian government websites,
brasil.gov.br
[6]
and presidencia.gov.br
[7]
. They also brought down the website of Brazilian energy company
LulzSec
7
Petrobras.
On 20 June, two members on the "Lulz Boat" reportedly leaked logs that LulzSec was going to leak on 21 June.
They also claimed that the two had leaked information that aided authorities in locating and arresting Ryan Cleary, a
man loosely affiliated with the group. LulzSec posted various personal information about the two on Pastebin
including IP addresses and physical addresses. Both had been involved with cyber-crimes in the past, and one had
been involved with hacking the game Deus Ex.
After LulzSec encouragement, some began tagging public locations with physical graffiti reading "Antisec" as part
of the operation. Numerous beachfronts in Mission Beach, San Diego were vandalized with the phrase. Some local
news organizations mistook the graffiti in Mission Beach as signs of the Antisec Movement. Many commenters on
the local news websites corrected this.
On 23 June, LulzSec released a number of documents pertaining to the Arizona Department of Public Safety, which
they titled "chinga la migra", which roughly translates to "fuck the border patrol". The leaked items included email
addresses and passwords, as well as hundreds of documents marked "sensitive" or "for official use only". LulzSec
claimed that this was in protest of the law passed in Arizona requiring some aliens to carry registration documents at
all times. Arizona officials have confirmed the intrusion. Arizona police have complained that the release of officer
identities and the method used to combat gangs could endanger the lives of police officers.
On 24 June 2011, LulzSecBrazil published what they claimed were access codes and passwords that they used to
access the Petrobras website and employee profile data they had taken using the information. Petrobras denied that
any data had been stolen, and LulzSecBrazil removed the information from their Twitter feed a few hours later. The
group also released personal information regarding President of Brazil Dilma Rousseff and Mayor of So Paulo
Gilberto Kassab.
On 25 June 2011, LulzSec released what they described as their last data dump. The release contained an enormous
amount of information from various sources. The files contained a half gigabyte of internal information from
telecommunication company AT&T, including information relating to its release of 4G LTE and details pertaining to
over 90,000 personal phones used by IBM. The IP addresses of several large corporations including Sony, Viacom,
and Disney, EMI, and NBC Universal were included. It also contained over 750,000 username and password
combinations from several websites, including 200,000 email addresses, usernames, and encrypted passwords from
hackforums.net; 12,000 names, usernames, and passwords of the NATO online bookshop; half a million usernames
and encrypted passwords of players of the online game Battlefield Heroes; 50,000 usernames, email addresses, and
encrypted passwords of various video game forum users; and 29 users of Priority Investigations, an Irish private
investigation company. Also included were an internal manual for AOL engineering staff and a screencapture of a
vandalized page from navy.mil, the website of the United States Navy. Members of the group continued the
operation with members of Anonymous after disbanding.
Despite claiming to have retired, on 18 July LulzSec hacked into the website of British newspaper The Sun. The
group redirected the newspaper's website to an also-hacked redesign website of another newspaper The Times,
altering the site to resemble The Sun and posting a fake story claiming that Rupert Murdoch had died after ingesting
a fatal dose of palladium. They objected to the involvement of News Corporation, the Murdoch-owned company that
publishes The Sun and The Times, in a large phone hacking scandal. The hacked website also contained a webcomic
depicting LulzSec deciding on and carrying out the attack. The group later redirected The Sun website to their
Twitter feed. News International released a statement regarding the attacks before having the page the statement
appeared on also redirected to the LulzSec Twitter page and eventually taken offline. The group also released the
names and phone numbers of a reporter for The Sun and two others associated with the newspaper and encouraged
their supporters to call them. In recent times NovaCygni of AntiSec has openly touted that the news channel Russian
Television (RT) has openly stated support for the Anonymous movement and that at least one reporter for them is a
active member of Anonymous. They further included an old email address and password of former News
International executive Rebekah Brooks. News Corporation took the websites offline as a precaution later in the day.
LulzSec
8
Denied attacks
The media reported a number of attacks, originally attributed to LulzSec, that the group later denied involvement in.
On 21 June, someone claiming to be from the group posted on Pastebin that they had stolen the entire database of the
United Kingdom Census 2011. LulzSec responded by saying that they had obtained no such data and that whoever
posted the notice was not from the group. British officials said they were investigating the incident, but have found
no evidence that any databases had been compromised or any information taken. The British government, upon
concluding their investigation, called the claims that any information on the census was taken a hoax.
In June 2011, assets belonging to newspaper publisher News International were attacked, apparently in retaliation for
reporting by The Sun of the arrest of Ryan Cleary, an associate of the group. The newspaper's website and a
computer used in the publishing process of The Times were attacked. However, LulzSec denied any involvement,
stating "we didn't attack The Sun or The Times in any way with any kind of DDoS attack". Members of AntiSec
based in Essex England claimed responsibility for the attack.
Hacker actions against LulzSec
A number of different hackers have targeted LulzSec and its members in response to their activities. On 23 June
2011, Fox News reported that rival hacker group TeaMp0isoN were responsible for outing web designer and alleged
LulzSec member Sven Slootweg, who they said used the online nickname Joepie91, and that they have intentions to
do the same with every member. A Pastebin post in June 2011 from hacker KillerCube identified LulzSec leader
Sabu as Hector Xavier Monsegur, an identification later shown to be accurate.
A group calling themselves Team Web Ninjas appeared in June 2011 saying they were angry over the LulzSec
release of the e-mail addresses and passwords of thousands of normal Internet users. They attempted to publicly
identify the online and real world identities of LulzSec leadership and claimed to do so on behalf of the group's
victims. The group claimed to have identified and given to law enforcement the names of a number of the group's
members, including someone they claimed is a United States Marine.
The Jester, a hacker who generally went by the leetspeak handle th3j35t3r, vowed to find and expose members
of LulzSec. Claiming to perform hacks out of a sense of American patriotism, he attempted to obtain and publish the
real world personally identifiable information of key members, whom he described as "childish". On 24 June 2011,
he claimed to have revealed the identity of LulzSec leader Sabu as an information technology consultant possibly
from New York City. On 24 June 2011, a hacker allegedly going by the name Oneiroi briefly took down the LulzSec
website in what he labelled "Operation Supernova". The Twitter page for the group also briefly became unavailable.
On 24 June 2011, The Guardian published leaked logs from one of the group's IRC channels. The logs were
originally assumed to have been leaked by a disillusioned former member of the group who went by the nickname
m_nerva, yet fellow hacker Michael Major, known by his handle 'hann', later claimed responsibility. After
confirming that the leaked logs were indeed theirs, and that the logs revealed personal information on two members
who had recently left the group due to the implications of attacking the FBI website, LulzSec went on to threaten
m_nerva on their Twitter feed. LulzSec claimed the logs were not from one of their core chatting channels, but rather
a secondary channel used to screen potential backups and gather research.
A short time before LulzSec claimed to be disbanding, a group calling itself the A-Team posted what they claimed
was a full list of LulzSec members online along with numerous chat logs of the group communicating with each
other. A rival hacker going by the name of TriCk also claimed to be working to reveal the group's identities and
claimed that efforts on the part of rival hackers had pushed the group to disband for fear of being caught.
LulzSec
9
Law enforcement response
On 21 June 2011, the Metropolitan Police announced that they had arrested a 19-year-old man from Wickford,
Essex, named by LulzSec and locally as Ryan Cleary, as part of an operation carried out in cooperation with the FBI.
The suspect was arrested on charges of computer misuse and fraud, and later charged with five counts of computer
hacking under the Criminal Law Act and the Computer Misuse Act. News reports described him as an alleged
member of LulzSec. LulzSec denied the man arrested was a member. A member of LulzSec claimed that the suspect
was not part of the group, but did host one of its IRC channels on his server. British police confirmed that he was
being questioned regarding alleged involvement in LulzSec attacks against the Serious Organized Crime Agency
(SOCA) and other targets. They also questioned him regarding an attack on the International Federation of the
Phonographic Industry in November 2010. On 25 June 2011 the court released Cleary under the bail conditions that
he not leave his house without his mother and not use any device connected to the internet. He was diagnosed the
previous week with Asperger syndrome. In June 2012 Cleary, together with another suspected LulzSec member,
19-year old Jake Davis, pleaded guilty conspiring to attack government, law enforcement and media websites in
2011.
At around the same time as Cleary's arrest, Federal Bureau of Investigation agents raided the Reston, Virginia
facility of Swiss web hosting service DigitalOne. The raid took several legitimate websites offline for hours as the
agency looked for information on an undisclosed target. Media reports speculated the raid may have been related to
the LulzSec investigation.
A few days before LulzSec disbanded, the FBI executed a search warrant on an Iowa home rented by Laurelai
Bailey. Authorities interviewed her for five hours and confiscated her hard drives, camera, and other electronic
equipment, but no charges were filed. Bailey denied being a member of the group, but admitted chatting with
members of LulzSec online and later leaking those chats. The FBI was interested in having her infiltrate the group,
but Bailey claimed the members hated her and would never let her in. The questioning by the FBI led a local
technical support company to fire Laurelai, claiming she embarrassed the company.
On 27 June 2011, the FBI executed another search warrant in Hamilton, Ohio. The local media connected the raid to
the LulzSec investigation; however, the warrant was sealed, the name of the target was not revealed, and the FBI
office in Cincinnati refused to comment on any possible connection between the group and the raid. No one was
charged with a crime after the FBI served the warrant. Some reports suggested the house may have belonged to
former LulzSec member m_nerva, whom was originally suspected of leaking a number of the group's logs to the
press, and information leading to the warrant supplied by Ryan Cleary.
On 19 July 2011, the London Metropolitan Police announced the arrest of LulzSec member Tflow. A 16-year-old
male was arrested in South London on charges of violating the Computer Misuse Act, as part of an operation
involving the arrest of several other hackers affiliated with Anonymous in the United States and United Kingdom.
LulzSec once again denied that any of their membership had been arrested, stating "there are seven of us, and we're
all still here."
On the same day the FBI arrested 21-year-old Lance Moore in Las Cruces, New Mexico, accusing him of stealing
thousands of documents and applications from AT&T that LulzSec published as part of their so called "final
release".
The Police Central E-Crime Unit arrested an 18-year-old man from Shetland on 27 July 2011 suspected of being
LulzSec member Topiary. They also searched the house of a 17-year-old from Lincolnshire possibly connected to
the investigation, interviewing him. Scotland Yard later identified the man arrested as Yell, Shetland resident Jake
Davis. He was charged with unauthorized access of a computer under the Computer Misuse Act 1990, encouraging
or assisting criminal activity under the Serious Crime Act 2007, conspiracy to launch a denial-of-service attack
against the Serious Organised Crime Unit contrary to the Criminal Law Act 1977, and criminal conspiracy also
under the Criminal Law Act 1977. Police confiscated a Dell laptop and a 100-gigabyte hard drive that ran 16
different virtual machines. Details relating to an attack on Sony and hundreds of thousands of email addresses and
LulzSec
10
passwords were found on the computer. A London court released Davis on bail under the conditions that he live
under curfew with his parents and have no access to the internet. His lawyer Gideon Cammerman stated that, while
his client did help publicize LulzSec and Anonymous attacks, he lacked the technical skills to have been anything
but a sympathizer.
In early September 2011, Scotland Yard made two further arrests relating to LulzSec. Police arrested a 24-year-old
male in Mexborough, South Yorkshire and a 20-year-old male in Warminster, Wiltshire. The two were accused of
conspiring to commit offenses under the Computer Misuse Act of 1990; police said that the arrests related to
investigations into LulzSec member Kayla.
On 22 September 2011, the FBI arrested Cody Kretsinger, a 23-year-old from Phoenix, Arizona who was indicted on
charges of conspiracy and the unauthorized impairment of a protected computer. He is suspected of using the name
"recursion" and assisting LulzSec in their early hack against Sony Pictures Entertainment, though he allegedly erased
the hard drives he used to carry out the attack. Kretsinger was released on his own recognizance under the conditions
that he not access the internet except while at work and that he not travel to any states other than Arizona, California,
or Illinois. The case against him was filed in Los Angeles, where Sony Pictures is located. Kretsinger pleaded guilty
on 5 April 2012 to one count of conspiracy and one count of unauthorized impairment of a protected computer. On
19 April 2013, Kretsinger was sentenced to one year in prison for the "unauthorized impairment of protected
computers".
On 6 March 2012, two men from Great Britain, one from the United States, and two from Ireland were charged in
connection to their alleged involvement with LulzSec. The FBI revealed that supposed LulzSec leader Hector Xavier
Monsegur, who went by the username Sabu, had been aiding law enforcement since pleading guilty to twelve counts,
including conspiracy and computer hacking, on 15 August 2011 as part of a plea deal. In exchange for his
cooperation, federal prosecutors agreed not to prosecute Monsegur for his computer hacking, and also not to
prosecute him for two attempts to sell marijuana, possession of an illegal handgun, purchasing stolen property,
charging $15,000 to his former employer's credit card in a case of identity theft, and directing people to buy
prescription drugs from illegal sources. He still faces a misdemeanor charge of impersonating a federal agent. Five
suspects were charged with conspiracy: Jake Davis, accused of being the hacker "Topiary" (who had been previously
arrested); Ryan Ackroyd of London, accused of being "Kayla"; Darren Martyn of Ireland, accused of being
"pwnsauce"; Donncha OCearrbhail of Ireland, accused of being "palladium"; and Jeremy Hammond of Chicago,
accused of being "Anarchaos". While not a member of LulzSec, authorities suspect Hammond of being a member of
Anonymous and charged him with access device fraud and hacking in relation to his supposed involvement in the
December 2011 attack on intelligence company Stratfor as part of Operation AntiSec.
On 8 April 2013, Jake 'Topiary' Davis and three other LulzSec members pled guilty to charges of computer hacking
at Southwark Crown Court in London.
On 24 April 2013, Australian Federal Police arrested 24-year-old Matthew Flannery of Sydney, who claimed to be
"in charge" of LulzSec. Flannery, who went by the username Aush0k, was arrested for the alleged hacking of an
unnamed Australian government agency.
LulzSec
11
References
[1] Paul, Ian. " Lulz Boat Hacks Sony's Harbor: FAQ (http:/ / www. pcworld. com/ article/ 229316/ lulz_boat_hacks_sonys_harbor_faq. html)."
PC World. 3 June 2011. Retrieved on 6 June 2011.
[2] "Chats, Car Crushes and Cut 'N Paste Sowed Seeds Of LulzSec's Demise" (http:/ / threatpost. com/ en_us/ blogs/
chats-car-crushes-and-cut-n-paste-sowed-seeds-lulzsecs-demise-030712)
[3] An Interview with Anonymous (http:/ / www.highseverity. com/ 2011/ 01/ interview-with-anonymous. html). High Severity (2011-01-08).
Retrieved on 2013-09-05.
[4] http:/ / senate.gov/
[5] https:/ / www. cia. gov/
[6] http:/ / brasil.gov. br
[7] http:/ / presidencia.gov. br
External links
LulzSec (https:/ / web. archive. org/ web/ */ http:/ / lulzsecurity. com/ ) at the Wayback Machine
Lulz Security (https:/ / twitter. com/ lulzsec) on Twitter
Lulzsecurity.org (http:/ / lulzsecurity. org/ ) Current website referencing the latest attacks the group
LuLzSecReborn
LulzSec (http:/ / archive. is/ 20130221/ http:/ / www. formspring. me/ LulzSec) at Formspring
Article Sources and Contributors
12
Article Sources and Contributors
LulzSec Source: https://en.wikipedia.org/w/index.php?oldid=610031036 Contributors: A Dirty Watermelon, ANGELUS, Aa2-2004, Abesdre, Acroterion, Adlerschlo, AgadaUrbanit, Agent
ExpectUs, Ahb363636, Airumel, AlanDvorak, Alastair B. Campbell, Aleichem, Amckern, Angryapathy, AnoData, Anon73313, AnonZero, Anonmsr891, Anonymousthefiftieth, Another n00b,
Ansh666, Anthony Appleyard, Apple187jacks, Arthur Rubin, Auntof6, Auranor, Aussie Evil, Austin9107, Avinashega, Ayeowch, BPositive, Bacontron, Bender235, Benlisquare, Bgwhite,
BitBus, Bitcoin, BlackHawk214, Blankserpico, Bluefist, BluejacketT, Bobherry, Bobrayner, Bsadowski1, Bstbll, C.Fred, Calmer Waters, Canley, Captain Screebo, Cereal862, Chairsenses,
Cheleesb, ChristopherAndersen, Ciaran Sinclair, Ckywht, Cojoco, Collegebookworm, Colonies Chris, Compfreak7, CopperSquare, Crosscountryrunnur, Cst17, Ctnelsen, Cybercobra, DMacks,
DVdm, Dabomb87, Dagko, Dalyup!, Danjewell, David Biddulph, Dayyan, Dccamman, DeadlyAssassin, Decora, DemocraticLuntz, Discospinster, Dl2000, Dmarquard, Dotaveteran,
Downwithsopa, Dr Gator 24, Dravecky, Ederiel, Edgar181, Effx101, Elementaldazn, Endeavourous, Enigmocracy, Erastmus, Ericoides, ErrantX, Eug.galeotti, Excirial, Fastily, Favonian, Feezo,
Fl4shmofo, Flat Out, Florian Blaschke, Fluttershy, Flyer22, Fox2k11, FrankAndProust, Frze, Functional Hacking Agency, Fx1017, GabrielF, Gangster172, GastelEtzwane, GenMcMuffin,
Geniac, Gimmetoo, Gngster1337, Gobonobo, Gogo Dodo, GoingBatty, Guinness2702, Gdel's Prodigal Apprentice, Havermayer, Hodeken, Hvn0413, Hydrargyrum, Hydrox, I dream of horses,
ISwaggtoMuch, Icycomputer, Ipsign, IronGargoyle, Isarian, Ishdarian, JV Smithy, Jamesx12345, Jarkeld, Jasper Deng, Jay942942, JayDez, Jcnetsys, Jeffwang, Jerzy, JettaMann, Jianhui67,
Jim1138, JitteryOwl, Jnorton7558, John Cline, John Holmes II, John Reaves, John of Reading, JohnnyMrNinja, Jollyroger, Jprg1966, KConWiki, Ka Faraq Gatri, Kanogul, Keith D, Keron Cyst,
Kerrangbro, Khazar2, Kinaro, Kledsky, Kondi, KrakatoaKatie, Kwns, Lairju1, Lambiam, Legoktm, Lenzar, Levisjani, Linktopast30, Little Professor, Little green rosetta, Lobsterfinger, Loipit,
Looloozshooz, Lotje, Lucius funk, Lulzexploited, M0rphzone, MSJapan, Mandeeprai, Marcuscalabresus, Mark Arsten, Markewilliams, Martarius, Martinevans123, Masharabinovich,
Maxamillion2015, MeanMotherJr, Meelar, Menswear, Meowman333, Merqurial, Michaeldsuarez, Mindmatrix, Mnemnoch, Mnemonyss, Monty845, Moocha, Morel, Morphh, Mortense,
MrFauxsimplicity, MrMarmite, Mrt3366, NPrice, Nasnema, NawlinWiki, Neil Strickland, Niceguyedc, Nigholith, Nokiaisindestructablelikemepwnd, Notjbg, NottNott, Oceanicwiki,
Ohconfucius, Ohiostandard, OlEnglish, PTJoshua, PaintedCarpet, Paul the less, PerryTachett, Pesa123456789, Peyre, PhageRules1, Pharaoh of the Wizards, Piroteknix, Pleonic, Pmberry,
Pmsyyz, Pol098, Polyquest, Preda, Pstanton, PsychicRider, Qrsdogg, RHaworth, Ragingcamel, Ralph07, Ramaksoud2000, Randykitty, RaphaelQS, Reaper Eternal, ResidentAnthropologist,
Rhododendrites, Robofish, RoflConSwf, Rothorpe, SEWilco, SF007, Sapslaj, Sarahj2107, Saucecode, Saudade7, Scapler, Scboo, Sethi Xzon, Sfan00 IMG, ShadowSec, Shaun, Shawn in
Montreal, Shii, Shimeru, Shizhao, Shukin, Silver Sonic Shadow, Smallman12q, SmashingAustralianChap, Snorlax Monster, Snowolf, Soffredo, Sonicsuns, SpaceChimp1992, Speciate,
Spudspotato, StanleyKerbrick, Starkiller88, Steven Walling, Suara Gondang, Subash.chandran007, Subject Omega, SwimFellow, Swizzbeat, T3chl0v3r, TT-97976, Tabletop, Tacohd,
TapDatApp, Tbhotch, Tehori, The1mysticgod3, TheEpTic, TheHaxPutt, TheMesquito, TheNamelessAccount, Theopolisme, Thepacketrat, Throwaway85, Tide rolls, Tolly4bolly, TonyTheTiger,
Toonjamie, Tractor Tyres, Trevj, UnbiasedNeutral, Unclevinny, Unknownman19, Upshout78, User99671, Vacation9, Velella, VoodooKobra, Vrenator, W Nowicki, WIERDGREENMAN,
Wagner, Wavehunter, Welsh-girl-Lowri, WhisperToMe, Whiteandnerdy52, WhySoSrsBrosif, Whyapac, Widr, WikiTryHardDieHard, Wikiditm, Wikipelli, Wisamzaqoot, Wknight94, Wnt, XP1,
XPsych0path, Xeworlebi, Y98, YUL89YYZ, Yonskii, YuMaNuMa, Yug, Zerotonin, Zolars, Zononymous, Zooyorksk8er97, Zordsthrone, , 522 anonymous edits
License
Creative Commons Attribution-Share Alike 3.0
//creativecommons.org/licenses/by-sa/3.0/