Articles about LulzSec

Or stated differently: Have the ill-winds of fate caught the Lulz Boat's sails?

Today, quite unexpectedly, LulzSec Security announced its retirement. "This is our final release, as today marks something meaningful to us. For the past 50 days we've been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could", according to a statement from the hacker group. "Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind -- we hope -- inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love".

Continue reading →

LulzSec's theft and disclosure of "law enforcement sensitive" documents and personal information from the Arizona Dept. of Public Safety has caused quite an uproar over privacy and security, but it has also provided a glimpse into crime in the American Southwest, where cross-border drug trafficking is a major concern. For us, It has provided a look into the impact consumer technology has had on the criminal underworld in the last three years.

1. Laptop Drug Mule -- According to an intelligence bulletin from the El Paso Intelligence Center (EPIC), a passenger flying on Copa Airlines from Colombia to New York in March was caught with 1.6 kilos of heroin smuggled inside an HP laptop, mouse, external hard drive, ipod speakers, digital picture frame and mp3 player.

Continue reading →

Editor's note: Yesterday, hacker group LulzSec Security released a cache of documents taken from Arizona Dept. of Public Safety servers. The data dump included personal information, such as home address and spouse's name, for cops. Here, a victim from an earlier LulzSec data dump -- 62,000 stolen usernames and passwords, many connected to public services like AOL and Gmail -- has something to say about the group. This commentary is edited together from separate emails. Fearing reprisals, the LulzSec victim requests anonymity, so we can't fully verify the story. But based on email exchanges we're confident it's legit.

The feelings that morning as all my accounts were being shut down for no apparent reason was like my experience in Washington, DC on 9/11-- initially confusing. Then as news reports leaked out and I realized that I was a target, the panic ensued. Just [like] we were hearing that our building might possibly be a target of an aircraft on 9/11.

Continue reading →

Would WikiLeaks be so bold as to release personal information -- like home address and spouse's name -- of cops? That's exactly what hacker group LulzSec Security did late today. The hackers took the sensitive information from Arizona Dept. of Public Safety servers. The agency has confirmed the data breach.

Key takeaways you'll find in this post: 1) LulzSec chose a target that would be divisive regarding public opinion -- is this a hacktivist/anarchist group of do-gooders or terrorists? 2) One victim of LulzSec's earlier data disclosure calls the group "terrorists". 3) A Betanews poll finds respondents to be equally divided about whether LulzSec is a hacktivist group revealing secrets or cybercriminals who should be prosecuted.

Continue reading →

Whatever happened to disposable credit card numbers? They're a great idea and they can work really well, but few banks offer them and even those don't push them really hard. The problem is users: To use these numbers, users would have to think about their own security.

Almost every security proposal, especially the really broad ones, has an element of user education in it. "We've got to train users to look for these things and avoid them" or something to that effect. Many security experts will sigh and tell you that it's like teaching math to your dog. Not only will they not learn it, they don't even get the point.

Continue reading →

I awoke this morning to find my wife watching "WarGames", the classic 1980s hacker movie. That got me to thinking about hacker group LulzSec Security, which has been mighty busy this month. Is it a group of stereotypical, mischievous hackers or dangerous cybercriminals? Under the law, the distinction is meaningless. But your answer means something to me and to other Betanews readers.

Please answer the simple poll below and respond in comments. I normally despise anonymous comments but understand if you feel the need to create a new Betanews account to respond. Or you can send email to joe at betanews dot com. Your identity or anonymity is probably safest with me. I don't give up sources.

Continue reading →

Brasil.gov.br and Presidencia.gov.br, two sites belonging to the government of Brazil, were the latest victims of anti-security hacker group LulzSec on Tuesday.

The now-familiar cry of "Tango Down!" came across Twitter from LulzSec and another account named LulzSecBrazil on Tuesday evening, signaling that the hacker group had successfully brought down another website. The group initiated a DDoS attack against the U.K.'s Serious Organized Crime Agency this week, and called for a rally to pillage government data stockpiles for secret information.

Continue reading →

The "lulz" for LulzSec may be about to end as worldwide authorities begin a push to apprehend those responsible. The British Metropolitan Police Service -- better known as Scotland Yard -- said Tuesday that it had arrested a 19-year-old man believed to be one of the lead individuals within the hacking collective.

UK law enforcement was under increasing pressure to find those responsible after LulzSec said that it planned to release the entire database from Britain's 2011 census. That would have meant some 62 million people could have their personal data exposed, the biggest hack yet for the group.

Continue reading →

Anonymous, the hacker collective famous for performing cyber attacks as public retribution, has reportedly teamed up with LulzSec, the hacker group that attacks mostly for entertainment, for a mission going by the title AntiSec (Anti-Security) which seeks to expose any government-classified information that can be stolen.

LulzSec, which has recently stolen headlines for a rash of denial of service attacks issued an AntiSec manifesto today, asking everyone to join the rebellion.

Continue reading →

Sega is the latest video game company to fall prey to hackers, as the Sega Pass network of gaming sites, forums, and customer offers has been taken down and the information connected to 1.3 million accounts stolen.

User names, birthdates, e-mail addresses and passwords were all exposed in the security compromise. Fortunately for users, it did not include any financial information.

Continue reading →

LulzSec is having quite the week of hacktivist actvity. After launching DDoS attacks against gaming sites' log-in pages, setting up a hotline for requesting hacks and hacking both the CIA and US Senate, the group released a long list of passwords and email addresses it had obtained. Is yours among them? Whew, mine isn't. You should check, too, if using public services like AOL, Gmail or Yahoo.

I'm amazed at the ridiculous passwords people use. A quick search of the 62,000 released by LulzSec finds hundreds of instances of  "123456" and "password" as password. There are 28 "11111", more than twice as many "0000" and 20 variations of the "f" word. Then there are the repeaters, like "alex186" for five different email addresses.

Continue reading →

One day after opening a hotline to take requests for its next hacking target, black hat security group LulzSec appears to have taken down the website belonging to the Central Intelligence Agency (CIA.)

The image above is from the group's Twitter feed just about half an hour ago, CIA.gov remains unreachable (Error 7 (net::ERR_TIMED_OUT): The operation timed out.) from our location in Maryland (others claim to see no change to the site.)

Continue reading →

LulzSec has started crowdsourcing its nefarious online activities by opening a request line for future assaults.

Yesterday, the hotline number went out via LulzSec's Twitter account: "Call into 614-LULZSEC and pick a target and we'll obliterate it. Nobody wants to mess with The Lulz Cannon -- take aim for us, twitter. #FIRE." I called the number today. There's something there. I didn't leave a take-down request.

Continue reading →

In what is an embarrassing oversight for Citigroup, attackers that got away with information on over 200,000 credit card holders only needed to make a change in the string of the URL itself. This means that as long as you had the account number, you would be able to access all personal data associated with that particular account.

Citigroup should consider itself lucky that more customers did not have their accounts compromised. How the hackers got the credit card numbers themselves is not clear yet, but the vulnerability allowed them to jump among accounts automatically by just being logged in and running a script.

Continue reading →

LulzSec continued to push its collective luck over the weekend, breaking into US Senate computers and publishing the directory structure on its website. The move is LulzSec's most brazen yet: breaking into government computers is a serious offense.

The group is responsible for hacks on FBI-related sites and Nintendo, and has also claimed responsibility for attacks on PBS' site where it posted an article claiming late rapper Tupac Shakur was still alive, as well as at least a half-dozen attacks on Sony.

Continue reading →