LulzSec and Anonymous: Hunting for skeletons hidden in closets
by Steve Ragan - Jun 21 2011, 06:00LulzSec, announcing a partnership with Anonymous and anyone else who wishes to take part, declared an immediate and unremitting war against world governments and other agencies on Sunday. The mission is part chaos and part hunting expedition, as they are looking to expose skeletons hidden in closets.
They call this new era of chaos Operation Anti-Security or AntiSec for short.
“As we're aware, the government and whitehat security terrorists across the world continue to dominate and control our Internet Ocean. Sitting pretty on cargo bays full of corrupt booty, they think it's acceptable to condition and enslave all vessels in sight. Our Lulz Lizard battle fleet is now declaring immediate and unremitting war on the freedom-snatching moderators of 2011,” read Sunday’s statement from LulzSec.
The target is anyone with a secret to hide, and the aim is to expose those secrets in the most chaotic way imaginable.
“Top priority is to steal and leak any classified government information, including email spools and documentation. Prime targets are banks and other high-ranking establishments. If they try to censor our progress, we will obliterate the censor with cannon fire anointed with lizard blood.”
LulzSec has already amassed a large list of high-value targets in their short existence, including Sony and PBS, along with the CIA and FBI. They have leaked passwords, email address, exposed security flaws, and defaced websites, all for the sake of amusement and embarrassment.
Anonymous on the other hand, single-handedly caused the meltdown of a government vendor, when they publically shamed HB Gary Federal, ultimately forcing their CEO Aaron Barr to resign.
Because of Anonymous’ attack on HB Gary Federal, a series of plots to target activists, unions, journalists, and even private citizens by U.S. Government contractors and agencies were exposed to the public. The aftermath of which is still being felt - thanks to ongoing Congressional investigations.
The two working together, ensures that on some level corporations, governments, and individuals themselves are sure to find their dirty laundry exposed for the world to see. The potential for damage, as well as reform, is compounded when one considers that anyone with an axe to grind is invited to the AntiSec party.
“Whether you're sailing with us or against us, whether you hold past grudges or a burning desire to sink our lone ship, we invite you to join the rebellion. Together we can defend ourselves so that our privacy is not overrun by profiteering gluttons. Your hat can be white, gray or black, your skin and race are not important. If you're aware of the corruption, expose it now, in the name of Anti-Security,” the LulzSec statement added.
Starting things off, one of the first acts of AntiSec was to launch a Denial-of-Service attack against SOCA, the U.K.’s Serious Organised Crime Agency on Monday. In addition, a government site in China, jhq.gov.cn, was knocked offline as well.
“DDoS is of course our least powerful and most abundant ammunition. Government hacking is taking place right now behind the scenes,” LulzSec said on their Twitter account.
Sophos’ Graham Cluley commented in a recent blog post: “The question that everyone wants answered, of course, is ‘Who are the people behind LulzSec, and when will they be brought to justice?’”
Many have tried to guess, but there have been no confirmations or arrests made with the data published to the public. Security firm Imperva posted their thoughts on Sunday, linking names from public Anonymous IRC logs to LulzSec. Yet, those named by Imperva have been previously established as sitting on both sides of the fence, and absolutely nothing is known about them other than the names they use online. Otherwise, there would have been a major media push by law enforcement as arrests were made.
Odds are, law enforcement will never find the actual core members, and thanks to the wide disbursement of participants in the AntiSec game, the search’s difficulty just tripled. To be sure, someone will make a mistake, and a participant in AntiSec will be made an example of. The odds of that person being one of the core people within Anonymous or LulzSec won’t matter to justice system at that point.
Will there be any serious change because of AntiSec? It’s too early to tell, but it’s unlikely. However, the public - especially in the U.S. - is starting to grow impatient with the government, either for purely political reasons or the view that a person’s privacy is slowly being stripped away.
Case in point for many is the PATRIOT ACT, which was recently renewed.
“Anonymous and LulzSec are determined and they have significant numbers,” Michael Sutton, vice president of research at security firm Zscaler, said in an interview with USA Today. “And when attackers band together with a common goal they often succeed.”
At this point, security managers should ask themselves where things stand in their company, giving special focus to response and recovery plans, and tightening existing protections and controls.
It isn’t a matter of if an organization will be caught in AntiSec’s web, but when.
Comment on this Story