Hacktivist group seeks 'satisfaction'

The rapid ascension of the hacker group LulzSec may signal a revival of cyberattacks carried out primarily to humiliate companies and government agencies. After twice disrupting the U.S. Senate's website last week, then knocking the CIA's website off line, LulzSec on Friday issued a press release via Twitter declaring: "This is the Internet, where we screw each other over for a jolt of satisfaction." It's no idle rant. LulzSec  which appears to have splintered from renowned hacktivist group Anonymous  has also successfully hacked Sony several times, as well as the FBI, Fox, PBS, Nintendo and others. The Sony hacks stemmed from the entertainment giant suing a young hacker, George Hotz, for reprogramming his PlayStation 3 gaming console; the PBS hack followed the network's airing of a Frontline documentary LulzSec deemed unfair to WikiLeaks, the anti-secrecy group. LulzSec says it is not seeking criminal profit nor participating in cyberespionage. "We do things just because we find it entertaining." The group's name is a play on LOL (laugh out loud) Security. It issues bombastic press releases, produces animated videos, and uses a mustachioed cartoon character as a logo. Yet behind the surface frivolity lies a smooth-running campaign orchestrated by highly skilled programmers and creative multimedia artists, security analysts say. The group maintains an impregnable website, lulzsecurity.com, where it posts data stolen as part of its escapades. Indeed, on Friday the group posted 62,000 random e-mail and social network account logons — with passwords. In the accompanying statement, LulzSec appears to encourage folks to use the logons to access the accounts and play practical jokes on the account holders, says Josh Shaul, chief technical officer at Application Security. "It's a good reminder that we need to use strong passwords for all of the online systems that are important to us," Shaul says. Groups like Anonymous and LulzSec are viable due to a confluence of developments, says Michael Sutton, vice president of research at security firm Zscaler. Role-paying video games and social networking have made collaborating with complete strangers second nature. Powerful, easy-to-use hacking and hiding programs are readily available; and corporations haven't kept up, he says. "Anonymous and LulzSec are determined, and they have significant numbers," Sutton says. "And when attackers band together with a common goal, they often succeed." As hacktivist groups rise in profile, copycats will likely emerge, says Marcus Ranum, chief security officer of Tenable Network Security. "That's part of the transition we're seeing," Ranum says. "There's a tremendous amount of resentment against this idea that corporations own the Internet."