Last night the infamous hacker group Lulzsec, short for Lulz Security, announced its retirement at the ripe old age of fifty days. See Eg CNN. During its short life this group of cybersecurity experts made headlines around the world. They broke into the websites of many government agencies, including the CIA, and many corporate and media webs, including the PBS web. They showed the security flaws, branded the webs with their logo (like graffiti that washes off), but did not really harm the sites, nor use personal data taken. They claimed to be having fun pointing out the security flaws in the Internet. Here is the full statement of Lulzsec announcing their retirement.
Friends around the globe,
We are Lulz Security, and this is our final release, as today marks something meaningful to us. 50 days ago, we set sail with our humble ship on an uneasy and brutal ocean: the Internet. The hate machine, the love machine, the machine powered by many machines. We are all part of it, helping it grow, and helping it grow on us.
For the past 50 days we’ve been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could. All to selflessly entertain others – vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love. The raw, uninterrupted, chaotic thrill of entertainment and anarchy. It’s what we all crave, even the seemingly lifeless politicians and emotionless, middle-aged self-titled failures. You are not failures. You have not blown away. You can get what you want and you are worth having it, believe in yourself.
While we are responsible for everything that The Lulz Boat is, we are not tied to this identity permanently. Behind this jolly visage of rainbows and top hats, we are people. People with a preference for music, a preference for food; we have varying taste in clothes and television, we are just like you. Even Hitler and Osama Bin Laden had these unique variations and style, and isn’t that interesting to know? The mediocre painter turned supervillain liked cats more than we did.
Again, behind the mask, behind the insanity and mayhem, we truly believe in the AntiSec movement. We believe in it so strongly that we brought it back, much to the dismay of those looking for more anarchic lulz. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us. The support we’ve gathered for it in such a short space of time is truly overwhelming, and not to mention humbling. Please don’t stop. Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.
So with those last thoughts, it’s time to say bon voyage. Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind – we hope – inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere.
Thank you for sailing with us. The breeze is fresh and the sun is setting, so now we head for the horizon.
Let it flow…
Lulz Security – our crew of six wishes you a happy 2011, and a shout-out to all of our battlefleet members and supporters across the globe.
Just think, only six experts were able to hack into supposedly secure systems like the CIA that must have an Information Security department of six hundred. How embarrassing for them. Are we really helpless against just six hackers, who may, or may not, represent an elite in that group? Has our government been negligent? Have our corporate information security professionals been negligent? What happens when six-thousand foreign government hackers attack? We had better up our game. Our whole cloud based culture is at risk.
What is Lulzsec really up to? They say that they, and many others like them under the common name of Anti-Security, are hacktivists whose political goal is to expose corruption. Oddly enough the code for their web, Lulzsecurity.com, claims to have a registered Trade Mark for Lulz Security:
<title>Lulz Security® (LulzSec), the world’s leaders in high-quality entertainment at your expense</title>
The symbol ® means that a name is a registered U.S. trademark. I checked and there is no such trademark. So, apparently these hackers do not have a lawyer. Big surprise. But I digress. Here is Lulz Security’s official explanation as to why they hack.
… we invite you to join the rebellion. Together we can defend ourselves so that our privacy is not overrun by profiteering gluttons. Your hat can be white, gray or black, your skin and race are not important. If you’re aware of the corruption, expose it now, in the name of Anti-Security.
Top priority is to steal and leak any classified government information, including email spools and documentation. Prime targets are banks and other high-ranking establishments.
For more reporting on Lulz and hackers, reporting that is outside of the mainstream press, see The Hacker News whose motto is: Truth is the most powerful weapon against injustice. Also see this blog, the AntiSec tweats and the Lulz twitter. Please note my reporting on hacker activities and Lulzsec is in no way an endorsement, although, like Superman, I do endorse Truth, Justice and the American Way. I also endorse believing in yourself, but not doing stuff just because you can. I endorse humor and fun, but not the raw, uninterrupted, chaotic thrill of entertainment and anarchy without regard to law and the rights of others. See Eg pro-establishment hacker th3j35t3r (“The Jester”) and his blog.
This retirement of a band of hackers is no cause for relaxation of cybersecurity concerns. Everyone should remain vigilant. Not all hackers have semi-altruistic motivations. Not all rejoice in a jolly visage of rainbows and top hats. Some are malicious criminals. Some are agents of foreign governments. Some are sociopaths who will hack into your computer because they can and because they want money and power.
This can have a direct impact on our legal system in general and litigation in particular. Some litigants are not above hacking into their adversaries computers to win a law suit. This is a very real threat. They want to know the other side’s strategy. What better way to do that than surreptitiously reading their email, including their email to their attorneys? I personally know of two instances where this has occurred and the other side has been caught. Who knows who might be reading your email right now?
One final thing, if your email account starts sending emails for you to your contacts, this is serious. Close your account and start a new one. Run a full virus check. Zombie computers are a real threat to yourself and others.