LulzSec has been pushed into the media spotlight, with more than 144,000 followers on Twitter this hacking group has captured the attention of everyone in the technology and security industry. They say “we have now taken it upon ourselves to spread fun, fun, fun, throughout the entire calender year,” and are doing it for the “lulz,” however many hacks have other motives.
7 May – 12 May
What Happened: LulzSec hacks into X-Factor databases and release the contestant database containing personal details. Fox databases and LinkedIn accounts also stolen and LulzSec takes over several Fox Twitter accounts.
Why:They pointed out to one Twitter user, that they do everything for fun after defending Common. “Fox called him a ‘vile rapper’; we call Fox common scum.” They also later published a security tip advising customers to not trust big companies saying “putting trust in large companies is foolish.”
What Happened: 3133 individual bank account details with private details such as location of transactions and amounts of transactions.
Why: In a press release a chat between the two administrators was published. Whirlpool, a pseudonym for one of the hackers, said “should we leak pointless ATM information?” In reply, Kraken replies “someone will find a use for it all.”
What Happened: The “innards” of a Sony database were published. They exploited a SQL vulnerability to gain access, similar to what happened to Sony BMG Greece.
Why: As part of a long running campaign, hacking groups have targeted Sony. LulzSec said “we just want to embarrass Sony some more”
What Happened: LulzSec gained access to passwords used in various PBS passwords and published a fake article saying that Tupac was found alive.
What Happened: LulzSec brings down 2600, a hacking magazine, IRC chat facilities.
Why: The Jester (th3 j35t3r), a hacktivist, attacked WikiLeaks and allegedly uses 2600 chat channels. This view was at odds with LulzSec who support WikiLeaks.
2 June and 6 June
What Happened: Music codes, coupons, SonyPictures customer details, SonyPictures databases, Sony BMG details and Sony Computer Entertainment Developer Network source code were taken in two separate events called Sownage 1 and 2.
Why: Wanted to continue embarrassing Sony, especially after the PSN data hacks which resulted in free games and the PSN been down for multiple weeks.
What Happened: Infragard, a FBI affiliate, targeted with website defaced, email logs and personal details of the owner, Karim Hijazi,
Why: They accused the company of corruption. They told “journalists and other writers to delve through the emails carefully, as we have uncovered an operation orchestrated by Unveillance and others to control and assess Libyan cyberspace through malicious means.”
Black & Berg Hacking Prize
What Happened: Black & Berg set up a $10,000 prize for anyone who could change the picture used on their frontpage.
Why: Joseph Black had tweeted links to previous LulzSec hacks and made direct contact (via Twitter) praising the LulzSec group. LulzSec say the task was easy, saying they did it for the “lulz.”
What Happened: Emails and passwords of 26,000 people from user databases of pornography websites. Facebook later suspends all email accounts mentioned associated with the release.
Why: They say it was for “mild fun.” They asked followers on Twitter to try to embarrass members of the websites using the passwords on Facebook.
What Happened: Sophos said in a blog post that ‘some basic information on the filesystems, user logins and the Apache web server config files,’ has been stolen.
Why: Continuing their anti-government attacks. They reference that hacking was considered an act of war by the Pentagon (Wall Street Journal)
13 June (Bethesda Softworks) and 15 June (rest of the mentioned websites)
What Happened: Escapist Magazine, League of Legends, Minecraft, EVE online all faced a distributed denial-of-service attack. CCP Games, the creators of EVE online, take down all their websites to avoid data loss. The group brands it “Titanic Takeover Tuesday.”
16,000 Log-in Details
16 June 2011
What Happened: LulzSec releases the email addresses and passwords for 16,000 users. LulzSec says “these are random assortments from a collection, so don”t ask which site they’re from or how old they are.”
Why: The log-in details was a reward for using posting messages on 4Chan flooding the board with questions about Triforce.
20 June –
What Happened: LulzSec and Anonymous, distributed hacking group, start a project to release information about corrupt governments. They all the public to help them and set up multiple groups including LulzSec Brazil and Italy. This article does not investigate any further AntiSec hacks in this list, some of the targets have included NATO, music companies, Arizona Police? and the Turkish Government.
Why: The LulzSec brand continues in minor groups that may not have the same members of LulzSec. They say they hope the information can help expose corruption and start a revolution.
Member Arrested and Data Leaked
What Happened: Ryan Clearly arrested in a joint Scotland Yard and FBI investigation into the group. The FBI has also allegedly seized servers looking for LulzSec data after this date.
LulzSec also released the personal details of two member of the group after they tried to “snitch” on the group. LulzSec says these members were involved in illegal hacking activity.
What Happened: LulzSec says they are done with hacking after 50 days they said that behind the LulzSec brand they were people, reiterated support of the AntiSec movement and how much they enjoyed hacking saying it was “all to selflessly entertain others – vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love.”
What Happened: After a hiatus, LulzSec hacked in News Corporation’s The Sun. The newspaper website then redirected users to a website with a fake news story that Murdoch was dead, after consuming large quantities of chemicals. LulzSec are planning to release News of the World emails saying “we’re currently working with certain media outlets who have been granted exclusive access to some of the News of the World emails we have.”
Why: The Sun (a News Corporation tabloid) attack was clearly aimed at News Corporation which is involved in a phone hacking scandal which lead to the end of the tabloid, News of the World, where journalists was found to be phone hacking for stories.