Are LulzSec hacktivists or cybercriminals? [poll]
I awoke this morning to find my wife watching "WarGames", the classic 1980s hacker movie. That got me to thinking about hacker group LulzSec Security, which has been mighty busy this month. Is it a group of stereotypical, mischievous hackers or dangerous cybercriminals? Under the law, the distinction is meaningless. But your answer means something to me and to other Betanews readers.
Please answer the simple poll below and respond in comments. I normally despise anonymous comments but understand if you feel the need to create a new Betanews account to respond. Or you can send email to joe at betanews dot com. Your identity or anonymity is probably safest with me. I don't give up sources.
The question is no simple one. The stereotypical hacktivist is a mischievous break-in artist, who might also seek to expose security vulnerabilities or secrets in the public interest. The stereotypical cybercriminal is motivated purely by profit. Either can wreak devastation. Some people may view LulzSec as a group of hacktivists but still believe its members should be prosecuted. Earlier this week, Scotland Yard caught someone it claimed to be a LulzSec leader; the group disputes this.
LulzSec has unleashed its "canon" many times this month, breaking into or bringing down by DDoS attacks some surprising targets. On June 21, the group took down Brazilian government websites. Days earlier, LulzSec teamed up with hacker group Anonymous for mission AntiSec (Anti-Security), which seeks to expose any government-classified information that can be stolen. On June 16, LulzSec released 62,000 stolen usernames and passwords. Earlier that week, the group launched DDoS attacks against gaming sites' log-in pages, set up a hotline for requesting hacks and hacked both the CIA and US Senate. Other recent website attacks include Nintendo, PBS and Sony.
LulzSec describes itself as "a small team of lulzy individuals who feel the drabness of the cybercommunity is a burden on what matters: fun. Considering fun is now restricted to Friday, where we look forward to the weekend, weekend, we have now taken it upon ourselves to spread fun, fun, fun, throughout the entire calendar year." (I corrected the misspelling of calendar.)
AntiSec raises recent LulzSec activity to a whole new level of mischievousness or crime, depending on how you view the group. According to the group's AntiSec manifesto:
Together we can defend ourselves so that our privacy is not overrun by profiteering gluttons. Your hat can be white, gray or black, your skin and race are not important. If you're aware of the corruption, expose it now, in the name of Anti-Security. Top priority is to steal and leak any classified government information, including email spools and documentation. Prime targets are banks and other high-ranking establishments. If they try to censor our progress, we will obliterate the censor with cannonfire anointed with lizard blood.
Is its quest entertainment, activism, a little of both or neither? Or terrorism, as one person suggested to me today? The new mission involves others, and not just Anonymous. Some recent LulzSec Twitter account tweets:
- "The Lulz Boat is at the forefront of the lizard battle fleet. Board your vessels and follow us into war; welcome to anti-security".
- "Operation Anti-Security is in effect. Join the fleet and tear the government and whitehat peons limb from limb - #antisec winds are strong".
- "We hear our #Anonymous brothers are making progress with #AntiSec, we also have reports of many rogue hacker groups joining in. :D".
- "Like @WikiLeaks, our sources remain anonymous. Leak payloads are being decided now".
- "Our next step is to categorize and format leaked items we acquire and release them in #AntiSec 'payloads' on our website and The Pirate Bay".
- "DDoS is of course our least powerful and most abundant ammunition. Government hacking is taking place right now behind the scenes".
- "Join the Operation Anti-Security IRC, click here: http://t.co/1XLL1Jj | Or set your client to irc.anonops.li channel #AntiSec (port 6697)".
- "We're hoping to have Operation Anti-Security Payload #1 ready by Friday".
The group has repeatedly expressed anti-government sentiments, and is portraying itself in WikiLeaks-like fashion. When LulzSec posted the Senate's site directory structure, a statement included with the data asked: "Is this an act of war, gentlemen?" The Pentagon has been talking about treating cyberattacks as acts of war.
So I come back to you with the question: Are LulzSec members hacktivists or cybercriminals? Or perhaps the distinction doesn't matter to you. As a journalist, it matters to me. But this post isn't the place to explain why. Perhaps in the future.