Skip to Main Content

LulzSec? Anonymous? Know Your Hackers

LulzSec and Anonymous. Who are these people? What do they want? Can they be stopped or are we one hack away from having all our personal information posted on Twitter, Pastebin, or The Pirate Bay?

June 22, 2011

For weeks now, tech headlines have been dominated by news of security breaches, data dumps, and hackers. It kicked off in April when Sony had to take its PlayStation Network offline after a massive hack, but has since moved to focus on the vocal and unapologetic LulzSec.

But who are these people? What do they want? Can they be stopped, or are we one hack away from having all our personal information posted on Twitter, Pastebin, or The Pirate Bay?

The two groups making the most headlines are LulzSec and Anonymous. LulzSec has gained in popularity in recent months, but Anonymous has been around . In general, Anonymous organizes distributed denial of service (DDoS) attacks against political targets—government with which they do not agree or companies, like Sony, filing lawsuits against hackers. LulzSec has also targeted government sites—like the CIA and Senate.gov—but the group has also hacked gaming companies and published the personal information of average Web users just for kicks, or lulz.

Recently, for a project known as Operation Anti-Security, in which they pledged to target the Web sites of government agencies via DDoS attacks or defacement. But despite the cooperation, both groups still have their own agendas. Let's take a look.

ANONYMOUS

Anonymous has been around for years, but really picked up steam and garnered national attention in 2008 when it went after the Church of Scientology. At the time, a video of actor Tom Cruise speaking about Scientology ended up on YouTube, and the church demanded that it be removed. Media sites like Gawker, however, kept it up. "It's newsworthy; and we will not be removing it," Gawker's Nick Denton wrote.

Anonymous viewed the church's efforts to wipe the videos as Internet censorship. In a 2008 YouTube video, the group pledged to "expel you from the Internet and systematically dismantle the Church of Scientology in its present form." The campaign became known as Project Chanology (Anonymous reportedly includes members of the "/b/" bulletin board 4chan.org) and included various hacks, protests, and pranks, prompting the church to accuse Anonymous of religious hate crimes.

In the years that followed, Anonymous targeted a number of groups with which it did not agree, like the Westboro Baptist Church. More recently, the group made headlines for going after security firm HBGary Federal, companies that cut ties with Wikileaks, and Sony.

Anonymous , days after CEO Aaron Barr told the Financial Times that he knew and planned to expose the identities of leaders behind the Anonymous collective. The cyber attack resulted in the defacing of Barr's online networking profiles and exposure of 71,800 e-mails at AnonLeaks. The controversy prompted Barr to .

The Wikileaks saga started after the about 250,000 State Department cables. Soon after, companies like MasterCard, Visa, and PayPal , while Amazon refused to host the site. Anonymous accused the companies of bowing to government pressure and against the sites, taking them down or slowing them significantly. That prompted Twitter to temporarily suspend the group's feed.

Sony, meanwhile, felt the wrath of Anonymous after it went after those who hacked its PlayStation 3, most notably . In April, Anonymous to protest Sony's lawsuits. An Anonymous offshoot known as "SonyRecon" individual Sony employees.

When Sony's PlayStation Network was hacked in April, Anonymous . But Sony said it uncovered a file on a Sony Online Entertainment server that said "Anonymous." A group spokesman said Anonymous was being set up, but the decentralized nature of the group . Essentially, if you say you're a member of Anonymous, you're a member of Anonymous so a member could have done it without the higher ups knowing.

It hasn't been completely smooth sailing for Anonymous members. Earlier this month, and arrested members of the group for alleged DDoS attacks. Officials in the UK also Anonymous members back in January, while FBI officials here executed search warrants. Anonymous said officials and vowed revenge.

As a result, much of Anonymous' activity lately has been targeting governments that arrest its members, like Spain, or those with Internet policies that Anonymous deems oppressive, . The group also against Federal Reserve chairman Ben Bernanke because it felt the U.S. government has failed its citizens.

Given the attention LulzSec has received, however, it made sense that Anonymous teamed up with the group for an project dubbed Operation Anti-Security.

"The government has tried to take control of our Internet ocean," Anonymous said in a recent YouTube video. "We are sending our fleet to fight alongside the lulzboat to reclaim what is rightfully the peoples'. It's time to show the corrupt governments of the world that they have no right to censor what they do not own."

Communication: There are a variety of Anonymous-related Twitter feeds, but lately, most of the news is coming from @AnonOps. The group also has a blog at anonops.blogspot.com and youranonnews.tumblr.com and a Facebook page. Barrett Brown is also considered a sometimes spokesman for Anonymous, and he tweets via @BarrettBrownLOL.

Major Targets: Church of Scientology, HBGary Federal, anti-Wikileaks sites, Sony, Web sites of governments that censor the Internet.

Symbol: Anonymous has adopted the Guy Fawkes mask used by the title character in the "V for Vendetta" graphic novel series as its symbol.

Catchphrase: We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.

Keep Reading: LulzSec: Who Will the LulzBoat Hit Next?>

LULZSEC

LulzSec emerged in the past few months, but has quickly wrestled the headlines away from Anonymous, perhaps due to the juvenile and taunting nature of many of its tweets. Everyone is a target and very few things are off limits; at one point, the group where it took hacking requests.

LulzSec first got noticed, however, when it hacked the Web sites of Fox.com and PBS. It stole Fox employee passwords and posted them online and took over the Twitter account of a Fox affiliate.

Weeks later, in response to a Frontline special about Wikileaks it did not like, , posting a fake news story that said deceased rapper Tupac Shakur was still alive.

The group soon took to Twitter to spread its message via @LulzSec; the feed now has almost 250,000 followers. LulzSec has used the micro-blogging site to announce its next targets, post links to data it has stolen through various hacks, and taunt its enemies. Twitter did not respond to a request for comment about whether LulzSec's activities violates the company's terms.

Given that the Twitter feed is the group's main source of communication, however, perhaps law enforcement wants them to remain online so their activities can be monitored. Since the PBS and Fox.com hacks, LulzSec has also targeted SonyPictures.com, FBI affiliated Web sites, Nintendo, Bethesda Softworks and other small gaming companies, Senate.gov, and the CIA, among others.

Ostensibly, LulzSec is calling attention to the lackluster security practices used by the companies that house our personal data. But major corporations have not been the group's only targets. Recently, LulzSec of 62,000 average Web users, people who subsequently had their emails hacked, Facebook accounts defaced, and Amazon accounts charged. After playing with the aforementioned hacker hotline for awhile, meanwhile, LulzSec started redirecting its number to legitimate companies, like the World of Warcraft hotline.

In honor of its 1,000th tweet, LulzSec last week of sorts, in which it admitted to "causing mayhem and chaos throughout the Internet."

But there are far more nefarious characters than LulzSec currently having their way with your data, the group argued. "Do you think every hacker announces everything they've hacked? We certainly haven't, and we're damn sure others are playing the silent game," LulzSec wrote. "This is what you should be fearful of, not us releasing things publicly, but the fact that someone hasn't released something publicly."

Still, in discussing its accountability, LulzSec said simply that "this is the lulz lizard era, where we do things because we find it entertaining."

Yesterday, however, LulzSec insisted that it's not all fun and games. "To all the eager and intelligent press, our tweets are lighthearted, but the work is ongoing hard. We have a lot of data to sift through," it tweeted.

On Tuesday, a 19-year-old suspected of masterminding recent hacks, leading some to believe he was the face of LulzSec. The group, however, denied any direct affiliation, arguing that LulzSec was, at best, , who was identified as Ryan Cleary.

Update: In late June, after a 50-day hacking spree, leaving the Anti-Sec campaign to Anonymous. For more, see ?

Communication: The majority of LulzSec's messages are sent via Twitter @LulzSec, though it also has a Web site at LulzSecurity.com. Recently, a Brazilian arm of the group popped up at @LulzSecBrazil.

Major Targets: Fox.com, PBS, Sony Pictures, Nintendo, FBI, CIA, Senate.gov, small gaming firms.

Symbol: The group's Twitter feed image features a stick figure holding a wine glass and sporting a moustache, top hat, and monocle.

Catchphrase: The group frequently refers to executing hacks "for the lulz," urging people to join the lulz boat and referring to its activities as lulz lizardry.

WHAT'S NEXT?

Neither group shows any signs of slowing down, and news of new hacks or targets emerges every day. Is there anything you can do to protect yourself? For the most part, Anonymous has targeted government sites and has not focused much on stealing and posting the confidential data of the average Web user. The same can't be said for LulzSec.

But as LulzSec points out, much of the trouble stems from the fact that across multiple sites, whether they're signing up for a newsletter or paying their credit card bill. If anything, these hacks should teach people to have multiple passwords for email, banking, credit cards, and online shopping. It can be difficult to remember multiple passwords, but it's better than having a LulzSec supporter hack into your Facebook account and change your photo to something obscene.

Also, many hackers will use your data to send phishing emails, in the hopes that you'll click on links and enter even more personal data. If you get an email that seems like it's from a legit source, like your bank or credit card company, don't click on any links. A company is never going to contact you and ask you to confirm your data via a Web form. If you get a phishing email, delete it; if you click on a link by accident, contact the company the message purported to represent to make sure there's no suspicious of fraudulent activity on your account.

For more, see , PCMag's , and .