LulzSec outdoes WikiLeaks in stunning disclosure of Arizona documents
Would WikiLeaks be so bold as to release personal information -- like home address and spouse's name -- of cops? That's exactly what hacker group LulzSec Security did late today. The hackers took the sensitive information from Arizona Dept. of Public Safety servers. The agency has confirmed the data breach.
Key takeaways you'll find in this post: 1) LulzSec chose a target that would be divisive regarding public opinion -- is this a hacktivist/anarchist group of do-gooders or terrorists? 2) One victim of LulzSec's earlier data disclosure calls the group "terrorists". 3) A Betanews poll finds respondents to be equally divided about whether LulzSec is a hacktivist group revealing secrets or cybercriminals who should be prosecuted.
Anti-Security Payload #1 is Delivered
We knew this was coming. Earlier this week, LulzSec teamed up with hacker group Anonymous for mission AntiSec (Anti-Security), which seeks to expose any government-classified information that can be stolen. Since then, the LulzSec Twitter account warned of a big release. For example: "We're hoping to have Operation Anti-Security Payload #1 ready by Friday".
It's not even Friday here in the United States, and the payload has dropped and exploded across the InterWebs.
"Every week we plan on releasing more classified documents and embarrassing personal details of military and law enforcement in an effort not just to reveal their racist and corrupt nature but to purposefully sabotage their efforts to terrorize communities fighting an unjust 'war on drugs'", according to a statement on LulzSec's website. "Hackers of the world are uniting and taking direct action against our common oppressors -- the government, corporations, police, and militaries of the world. See you again real soon! ;D"
Tweeted a few hours ago: "Releasing more goods on Monday!"
Target chosen to divide People about LulzSec
LulzSec's data dump was smartly chosen, regardless of motivation. It's sure to galvanize the divide between people viewing the group as either hacktivists or cybercriminals -- or terrorists.
"We are releasing hundreds of private intelligence bulletins, training manuals, personal email correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement", LulzSec reveals with the data dump. "We are targeting AZDPS specifically because we are against SB1070 and the racial profiling anti-immigrant police state that is Arizona".
SB1070 is a highly controversial law that has brought accusations of racial profiling against Arizona government and law enforcement. That's where the data release is likely divisive. Some people who oppose the massive disclosure might also oppose the law. LulzSec's stated reasons for the data dump will bolster the group's anarchist/hacktivist persona with some people, and embolden others to call the hackers terrorists.
"The documents classified as 'law enforcement sensitive', 'not for public distribution', and 'for official use only' are primarily related to border patrol and counter-terrorism operations and describe the use of informants to infiltrate various gangs, cartels, motorcycle clubs, Nazi groups, and protest movements", LulzSec explains.
"They're Terrorists", says One Victim
On June 16, LulzSec released 62,000 stolen usernames and passwords, many connected to public services like AOL and Gmail. One person claiming to have had email and password exposed in the data release emailed me today. This victim called LulzSec "terrorists", writing:
Terrorists wish to force governments and others to change policies they don't approve of and use attacks to generate panic amongst civilian populations in hope they will apply pressure to their governments. Al Qaeda does this. So does LulzSec.
Terrorists act anonymously and then take credit for the attack in its aftermath. Al Qaeda does this. So does LulzSec. Terrorists have no compassion for the collateral damage done to victims who aren't the target of their ire. LulzSec expressed this emphatically by encouraging people to inflict as much damage as possible on those logins and passwords.
If Lulszec were really trying to 'make things better' they would have alerted me anonymously as to what they had done. Told me which company had such weak security and warned me that I was vulnerable and to change my password and possibly vendor immediately. Also, to support or apply pressure where needed to achieve their aims. I would have been grateful to them and responded...
They want me to thank them and blame the company that was robbed. I don't thank bank robbers and blame my bank. Banks wouldn't need tight security if not for bank robbers just as people once didn't need to lock their doors at night.
Pollees divided about LulzSec
Earlier today, I posted a survey, which is embedded above, asking if LulzSec's members are hacktivists or cybercriminals. What shocks me -- and I mean really shocks -- is how consistently divided the results have been all day. The split between responses "They're hacktivists exposing secrets -- let them be" and "They're cybercriminals -- prosecute them" has been about a 35 percent for both right from the first votes. With 1,011 votes in, the breakdown is:
- They're hacktivists having fun -- let them be: 11.28%
- They're hacktivists exposing secrets -- let them be: 35.81%
- They're hacktivists who broke the law -- prosecute them: 15.92%
- They're cybercriminals -- prosecute them: 35.01%
- Lulz Who? Never heard of them: 1.98%
Looked at differently, 47.09 percent of respondents say "let them be", while 50.93 percent say "prosecute them". Interestingly, those percentages also have been fairly consistent all day. My question: How will tonight's data disclosure affect peoples' attitudes about LulzSec? Perhaps further polling will give an answer.