If you haven’t heard of LulzSec, it’s probably time to do a little research. The now infamous hacker group is responsible for security breaches at an alarming number of high profile and supposedly secure sites as well as several private data leaks, all of which have gone unchecked by the world’s best and brightest law enforcement organizations. Part of what makes LulzSec (short for Lulz Security) so interesting is that the group has enjoyed widespread support for its efforts, most of which the group announces on its Twitter account. The support seems particularly strange, especially since LulzSec has done as much damage to individuals as it has to corporations. In fact, LulzSec just released information that could put another hacker in jail.
The group released private data for a web user who goes by the alias “m_nerva” after he allegedly leaked logs of the LulzSec IRC channel to authorities. The group followed up the leak by saying, "Remember this tweet, m_nerva, for I know you'll read it: your cold jail cell will be haunted with our endless laughter. Game over, child.” I think one could easily make the argument that m_nerva was already mixed up in bad news if his information could lead to an arrest, but the fact that LulzSec is directly targeting individuals attempting to aid in the group’s arrest makes for a scary precedent.
That’s to say nothing of the sheer volume of data the group is both exposing and acquiring. In a recent attack on SonyPictures.com, the group purportedly unearthed data from more than 1,000,000 user accounts, including “addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts.” LulzSec didn’t have the resources to copy all of the data, so it mapped out the company database for other hackers to dip in and take what they please. The group packaged the map with some 51,000 email accounts and passwords and distributed it via torrent. The release led to a slew of attacks across just about every internet service that uses an email address and password. Paypal accounts were compromised and ripped off. Facebook profiles were modified with pictures of every body part imaginable.
LulzSec claims that it hacks to expose the vulnerabilities in the system. The group doesn’t think the members are at fault for the data leaks, either. After the Sony leak, the group tweeted, "Hey innocent people whose data we leaked: blame @Sony.” I’m not going to touch the issue of fault here - there just isn’t time - but I do think its time people educate themselves about account security and password strength. The reason the Sony leak was a problem was that people used the same password for that site as for their personal emails, Facebook accounts, Amazon accounts (with one-click ordering enabled) and Paypal accounts.
If you’re thinking about waiting to beef up your security, reconsider. We’re seeing a new LulzSec attack almost daily - attacks that have absolutely zero regard for collateral damage - and the group’s ability to evade law enforcement has inspired a slew of copy-cat events. LulzSec has already promised that it will be releasing a load of data today. Here’s hoping my own info didn’t find its way into the mix.