50 Days of LulzSec Hacktivism Now Over

   The most intriguing security event in 2011 (so far) has been the emergence of a coordinated series of attacks against major enterprises and government agencies by LulzSec.  This may herald a major change in the types of attackers to expect in the future.

   The backstory, from what we know, is this: Lulz (a play on LOL or laugh out loud) Security (aka LulzSec) appears to be a small (6 person) group that split off from the larger group Anonymous.  Many security researchers believe that Lulz is comprised of highly skilled programmers and creative multimedia artists.  Similar (but not identical) to cyberterrorists {Chapter 1 Security+ 3ed}, their claimed ideology is, "We do things just because we find it entertaining."  Yet in reality it's not "entertainment".  LulzSec's targets ranged from Sony, which it successfully attacked several times (in retaliation for Sony suing a person for reprogramming his PlayStation 3 gaming console), to PBS (for airing a documentary they considered unflattering to Wikileaks), the FBI, Fox, Nintendo, the CIA, Arizona's Department of Public Safety, and several others.  On its website (lulzsecurity.com) it posts data it has stolen and encourages others to use the information (such as stolen account information and passwords) to play practical jokes.  During its height LulzSec created an effective strategy for branding itself and publicizing its exploits. Its Twitter feed (with more than 283,000 followers) and its Web site were the top attraction for tech journalists covering the latest in hacktivism (LulzSec had a new attack every 3-4 days).

   LulzSec did not encourage users to take any of the information it had stolen and use it for financial gain.  They also said that they were not responsible for attacking the video game company Sega, and even offered to help Sega track down the real attackers.  Recently they joined back up with Anonymous and launched Operation Anti-Security (#AntiSec), declaring open cyberwarfare against big government and giant corporations. In their own words, "Our Lulz Lizard battle fleet is now declaring immediate and unremitting war on the freedom-snatching moderators of 2011. . . [Our] top priority is to steal and leak any classified government information."

   Today (Jun 28 2011) LulzSec announced that its 50 days of hacktivism are over and that it is disbanding.

   What can we now expect from this?  "Hacktivism" will become part of our daily vocabulary.  We can probably expect to see more small, close-knit copycat LulzSec-like groups that successfully attack, loudly broadcast their feats, and then quietly slip away.  The arrests of dozens of suspected Anonymous members in recent weeks show that a large group of attackers results in more secrets getting out and puts its members at risk of detection (it's unknown if authorities are closing in on LulzSec's members).  Small, close-knit hacktivist groups will become more commonplace.

   Despite the time, money, and effort that are put into it, information security is becoming even more important today than ever before.

   Stay secure!