Continued from page 1
The shift to data theft was even more pronounced as a group of six individuals, under the name of LulzSecurity, went on a hacking spree for 50 days from May to June this year. LulzSec went after various Sony properties to expose the poor security practices still prevalent after the massive PlayStation Network and Sony Online Entertainment breach in April.
In subsequent attacks, LulzSec breached insecure servers at various media and software companies to harvest user names and passwords. The group publicised the information by posting it on Twitter, sharing it on Pastebin or creating torrent files for download.
While it continued to deface Websites (such as PBS.org and the Westboro Baptist Church) and launch DDoS attacks (on sites such as Britain’s Serious Organised Crime Agency and the United States Senate), LulzSec was increasingly stealing user data in the name of “lulz,” or entertainment. In its press releases publicising its attacks, LulzSec regularly chided government and big businesses for failing at basic security.
“What’s disturbing is that so many Internet users appear to support LulzSec as it continues to recklessly break the law,” said Chester Wisniewski, senior security adviser at Sophos.
“The one good thing coming from these hacktivist attacks is that they highlight the current state of security technology in organizations that are believed to have the highest level of security”, said Anup Ghosh, founder and chief scientist at Invincea.
LulzSec also blurred the line between exposing security issues and malicious activity, as the group came under fire for publicizing the personal information it had stolen after breaching Sony Pictures Entertainment and other targets. The individuals were victimized twice, first by having their accounts compromised and then by having their sensitive data leaked for other malicious parties to steal their identity.
“There are responsible ways to inform a business that its Website is insecure, or that it has not properly protected its data; you don’t have to put innocent people at risk,” pointed out Wisniewski of Sophos.
LulzSec and Anonymous also encouraged supporters to hack into, steal and publish classified government information from any source. On Twitter, various members claimed the attacks were necessary to expose the alleged lies and illegal activities governments were covering up.
Continued on page 3
Intel shares sag after company shares gloomy revenue predictions, as data centre chip demand hit…
Germany's Tuta Mail says Google broke EU's new DMA rules with March algorithm update that…
US auto safety regulator opens new investigation into adequacy of Tesla Autopilot recall, saying it…
Thoma Bravo agrees to acquire Darktrace for $5.32 billion in cash, delivering some welcome news…
Customer adoption of AI services embedded in cloud services continues to deliver results for Microsoft,…
TikTok's 'secret source' algorithm is so core to ByteDance, it would rather shut down US…
View Comments
"In contrast, cyber-criminals want to stay unnoticed so that they can keep stealing."
This is absolutely correct. The one defining characteristic of Anonymous/Lulzsec is that they give media interviews about their attacks the next day. This desire for media, especially using a criminal act to draw attention, is very similar to terrorism. If there is such a thing, Anonymous/Lulzsec is the "harbringer of cyber-terrorism.