Why the Latest, Hottest Hacker Group May Never Have Existed.
I’ll admit it. Like many of my colleagues, I’m a sucker for a great story. Sure, I run it through the standard fact-checking traps, and try to question and independently confirm each detail. And always, I remind myself that if it smells too good to be true, it probably isn’t.
Still, sometimes I get taken in. And other times…I’m not quite sure.
Latest case in point: LulzSec.
Now, if you’re in any way tuned in to the latest Internet happenings or follow cyber-security issues, you’ve been hearing a lot about LulzSec of late. If not, here’s a short primer: when they popped up on the hacker scene just a few months back, it was hard to know what to make of them. First, there was its mascot. Unlike Anonymous’ iconic empty black suit, or taunting Guy Fawkes mask, LulzSec’s logo was a somewhat snooty-looking creature, complete with top hat, monocle and a glass of wine. Then there was its name – “Lulz Security” or LulzSec for short – suggesting more mischief than activism. As we discussed in an earlier post:
“LulzSec” appears to be a collective venture whose main goal is making trouble – or in their own words, “causing lulz.” In the lingo of the Twitter Age, ‘lulz’ is a variant of ‘lol’, which means “laugh(ing) out loud.” However, while a lol might be applied to a joke or funny picture in appreciation of something mildly amusing, a lulz has come to mean laughs at the expense of others. A cute kitten picture prompts a lol; someone who has their accounts hacked and private information exposed is a lulz.”
But few were laughing once LulzSec got up and rolling. They’re widely credited with engineering a major hack of Sony’s Playstation Network, exposing the private information of potentially millions of players. Sony was so embarrassed by the attack that the chief corporate officers offered a rare public apology, bowing deeply before the press. And the attacks didn’t stop there: among LulzSec’s other targets: the U.S. Senate, the Arizona Police Department, Fox.com, the FBI, the Public Broadcasting Service, the state of Brazil, and the CIA.
Then came the public questions as to whether LulzSec was a group of disgruntled Anonymous hackers, and whether the two groups were fighting with each other. Unlike Anonymous, which tended to target opponents more for ideological reasons, LulzSec seemed happy to embarrass anyone, releasing reams of private information and generally making a lot of mischief on the web for, in their words, “…the lulz.”
Few were amused as authorities increasingly tried unsuccessfully to target the group. Last week British authorities arrested a 19-year-old man they said was behind several LulzSec hacks – a claim challenged on LulzSec’s taunting Twitter feed:
“Seems the glorious leader of LulzSec got arrested, it’s all over now…wait…we’re all still here! Which poor bastard did they take down?”
It was a typical LulzSec tweet – part threat, part boast. With it’s mix of teenage braggadocio and security smarts, LulzSec had quickly became a media darling, inspiring hundreds of stories. And for a time, it seemed no agency could stop them…until they stopped themselves.
“We are Lulz Security, and this is our final release, as today marks something meaningful to us,” they posted on their website:
“50 days ago, we set sail with our humble ship on an uneasy and brutal ocean: the Internet. The hate machine, the love machine, the machine powered by many machines. We are all part of it, helping it grow, and helping it grow on us….So with those last thoughts, it’s time to say bon voyage. Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind – we hope – inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere.”
And with that, the lulz were done and LulzSec was gone.
Or were they?
“I actually think that it’s all traceable to kind of a smart p.r. strategy for the people running this,” says tech writer Adam Clark Estes. Writing this week at TheAtlanticWire.com, Estes began noting the many similarities in public statements by Anonymous and LulzSec, the frequency that their Twitter feeds directed back and forth to each other, and other more opaque clues that LulzSec and Anonymous were closer than previously imagined, including comments from hackers familiar with both groups:
“I talked to a hacker named ‘Topiary’ earlier this year,” Estes told us, “who was identified by Gawker as a leader of LulzSec. I got in touch with ‘Topiary’ because he did a radio show in which he was interviewed alongside the Westboro Baptist Church, and in the course of the interview he actually took down the website of the Westboro Baptist Church, which was a great ploy because you could watch the five minute radio segment and watch this hacker at work. And in talking to him, things like that didn’t really interest them; they kind of did it for attention but were much more interested in what was happening in the Middle East and in governments trampling on their citizen’s digital rights and censoring the Internet.”
And then this week the website of the Tunisian government was briefly taken down by a new group called “AntiSec.” Both organizations now seem to be speaking warmly of the “AntiSec” hacker group. Another clue: Anonymous’ “Guy Fawkes” mascot now wears the top hat and monocle of LulzSec. The two groups seem so cozy, in fact, that many are now wondering whether LulzSec was actually ever a group at all, or more just a trick by some members of Anonymous to divert attention away from itself while pranking the media.
“I think that’s safe to say,” Adam Clark Estes tells us, “and if you really sort of read deeply on the coverage it’s quite apparent that LulzSec grew out of Anonymous and never ventured too far. I think the use of an off-shoot was really effective in drawing attention away from Anonymous, at a time when maybe they were trying to organize more support for the movement coming up. I think in general even based just on the name LulzSec and their stick-figure mascot who talks in a French accent that it’s their intention to fool us. And I think that especially doing a close read of the different kinds of coverage and inconsistencies you can see that they’re tricking not only the public but even journalists who are trying to keep up with what they’re doing.”
So was I, like Estes and thousands of others, fooled by a flashy hacker group that seemed to be a story too good to be true? At this point, only LulzSec knows for sure.
You can hear our interview with Adam Clark Estes by clicking here: