Poll: Do you find LulzSec's activities amusing?

Filed Under: Data loss, Denial of Service, Law & order, Vulnerability

The members of LulzSec say that they're doing it for the "Lulz" and their mission is to spread "fun, fun, fun".

LulzSec mission statement

How are they spreading "fun" into our drab IT lives? By hacking into company websites, exposing personal information and launching denial-of-service attacks against online games.

So, our question is this - are they succeeding in amusing you? Or are you just not getting the joke?

LulzSec
Sorry, the poll is now closed. But thanks to the 1500+ of you have shared your opinion.

It may be true that some companies have not defended their webservers properly, and are careless with their customers' data. But that doesn't make it right to act irresponsibly or break the law. There are better ways of getting issues like that resolved.

Even if the company isn't responding to your concern that their defences are weak, you could approach a journalist and demonstrate the vulnerability to them. They could then publicise the security hole in a responsible way - without putting innocent folks at risk.

Personally, I find it disturbing that so many internet users appear to support LulzSec as it continues to recklessly break the law.

If you still have something to say on the topic, leave a comment below. Whether you believe LulzSec are providing a valuable service by exposing weak security or if you think that their behaviour is irresponsible, we're interested in hearing your opinion.

, , , ,

You might like

46 Responses to Poll: Do you find LulzSec's activities amusing?

  1. Dman · 1140 days ago

    Spread the lulz!

  2. Juliothecesar · 1140 days ago

    LulzSec are providing a valuable service by exposing not only weak security but also strong security, now a days there is no secure at all. But in a near future security will be strong because hackers are contributing to make it better!

  3. NAS · 1140 days ago

    Just because they are bored and cannot think of anything better to do, they have to launch illegal hacking attacks on legitimate sites. I get bored, but I don't do anything to spoil other people's lives.

  4. Lulz......reigns..

  5. Jayton · 1140 days ago

    You are missing an option in the poll.

    "I don't find THEM amusing, but they're making a good point at how weak a lot of system security is."

    I don't think they're ' uberhackers ' and are using common exploits to gain entry, which is more concerning than uberhackers getting in, stealing info, selling it to their paying client(s) and never revealing the hack.

  6. Gman · 1140 days ago

    Although these are negative actions, they teach people people how insecure their actions are. For example one of the users email addresses leaked contained the password and answers to the secret questions within the email address itself, the regular users don't watch your good video on how to create a strong password or listen to peoples advice, so the only way left to teach these people is to slap them on the face and wake them up to the risks.

  7. Ethan · 1140 days ago

    If they really wanted lulz then go watch a freaking movie. You don't see me getting lulz by shooting hackers in the face with 3.5" magnum rounds and ruining their day.

  8. emsquared · 1140 days ago

    I honestly don't know why you are feeding them attention to begin with. That is all they want. They are not some elite group ... they use very common exploits that any Internet user can research. Especially SQL Injections. Oh

    • Sizzle69 · 1140 days ago

      I think perhaps that is the point. If they're known exploits why have these companies not configured their infrastructure correctly or patched against the threat? I'm don't really know if I support them but surely we should be aware that the data we have stored with them is not secure against common exploits.

  9. Beeuwen · 1140 days ago

    I am not a security EXPERT, rather a security hobbyist. Let me start by saying I used to be fan of Lulzsec, albeit agreeing that what they are doing is illegal, and I have no doubt they will eventually get arrested. I Also agree with the article that was written a few weeks back about a majority of the security industry secretly rooting for Lulzec, I used to. They are fun, and amusing to watch, and in a sense they were exposing security weaknesses. However, lately I believe they have become "drunk with power" and are becoming reckless and dangerous. It was "fun" (even though we can’t openly admit it to the guy next to us) to watch them take out porn sites, fight for the individuals without voices and do damage to mega companies that "deserve" it [If you're the type who are anti capitalistic]. Recently I must admit, they have started losing my respect. Its one thing to be the unsung cyber superhero of the internet, but power corrupts. They have now become the somewhat known cyber superA##holes of the internet. Does this bother them? Probably not, this just goes to reinforce above mentioned statement. Sure I waste a few hours a week of my life pretending to achieve something in EVE Online - is this why I wrote this comment, after CCP got hacked and forcing me to use a hour of my life to do something ACTUALLY productive? - I would like to believe not. (Though wives and girlfriends, perhaps even some husbands all over the world probably became secret admirers of lulzec after their usually vegetative-state spouses were forced to spend some time with them) In time Lulzsec will be brought to justice and in time another super cyber villain disguised as a hero will rise, claim fame and fortune, gain a few secret supporters, show their true colours, and get arrested. Rinse and Repeat.

    • Shakerskully · 1140 days ago

      Well said, surely there is s difference between exploiting security holes to force the owners to tighten security (yes it's illegal, but also a 'sort of' public service), but why a DoS on a gaming website? This just seems to be look at what I can do, did I read that they were choosing the site to attack through a forum, if so then the whole public service idea goes straight out of the window, and are we just not left with a bunch of internet bullies?

    • ANBU · 1140 days ago

      You are right.. You've written what I wanted to(Other than EVE online part).. I like them for their hacking talent and using it against Powerful Co-op.. But DDoSing is annoying.. That is not actually needed and not at all fun.. According to me, If they wanna attack some one, there must be a valid reason, not just for fun..

  10. Robert · 1140 days ago

    Unfortunately, despite going for the cheap laughs, what they are doing is affection millions of lives and is no longer a joke, or kids just playing around. It is a shame to think that with the resources this country has, we have not taken these criminals down.

    • Ben · 1140 days ago

      Due to the very nature of the Internet it makes cyber criminals very hard to track down.

  11. joe · 1140 days ago

    The answer I would have preferred to tick:

    "No, I don't approve, but they are still making a serious point about security."

  12. NotsoFunny · 1140 days ago

    For those that are being entertained by Lulzsec, you may want to be careful about supporting their activities. When you attack any organization that provides a good or service to people and thus cause them to invest more money into breach notifications, 3rd party vendors, system upgrades, etc this drives the price of the good or service up or causes the company to stop rendering this service to it's customers.

    Sure, sure, the companies that were breached will give you something "free" for now. But basic economics dictates that if you were spending $50 to produce 1 widget, but now with all security costs involved it now costs $75 to produce 1 widget, the extra $25 dollars goes right to the consumer.

    Please don't get me wrong. You should ensure that you have proper patch management, proper change management, and proper security management. Those costs should already be involved. The costs I'm talking about are in direct response to breaches.

    There are better ways to motivate corporations into proper security practices. The only people Lulzsec are truly hurting are consumers. Don't be fooled to think that all of the cost that Sony has spent on their ± 19 breaches will just come out of their own pocket. I would not be surprised to see a rise in costs down the road.

    Let's also not forget the costs to credit card companies reissuing cards, identity theft monitoring, etc. The credit card companies will gladly feed those costs back into interest rates.

    These are just my observations and opinions.

    • Peter · 1140 days ago

      "Don't be fooled to think that all of the cost that Sony has spent on their ± 19 breaches will just come out of their own pocket."

      True, but before any breach Sony said that the PSN was secure. We trusted our personal details with them. This was proven not to be the case. It wasn't secure.

      It was then claimed by Sony to be a one off. Not true as we saw more and more areas of Sony getting breached.

      We've got be be able to trust 100% that our details are SAFE.

      Ok so the cost to the consumer will probably go up in order to make sure it is secure. But there would have been a bigger longer term cost to the consumer if people could continue hacking and stealing our details, from either Sony or the banks.

    • Matt · 1140 days ago

      Exactly. I think people can see through the 'leak 20 million customer credit cards to stick it to the big company' mentality. Lulzsec is just taking common vulnerabilities and using them in cases where the rest of us had too much moral fibre. Yes, it might have given those companies a kick in the pants, but the costs involved in crisis management are going to flow straight onto the consumers.

  13. Peter · 1140 days ago

    emsquared - "They are not some elite group ... they use very common exploits that any Internet user can research. Especially SQL Injections."

    @emsquared - and that's the point. So long as Lulzsec continue in the way that they are and just highlighting problems by proving that there are problems then we should all really be happy with this. These places that Lilzsec are exploiting are companies that we are placing our trust with in order to hold our personal details securly. The fact that Lulzsec can penetrate these defences with such simple techniques is, quite frankly, shocking.

    These companies are like you leaving all your personal details right next to your front door on the inside of your house and then shutting the door but not locking it or putting it on the catch.

    Whereas a lot of criminals would open the door and nick your stuff (which shows obviously they got in), Lulzsec simply put a note on the inside of the door (to prove they were there) without taking.

    What would you rather:
    a) Lulzsec test the security of places we truest with our details and highlight problems
    b) You place blind faith in the company when they say "don't worry, it's secure"

    • Matt · 1140 days ago

      But getting hacked is the one thing we are trying to protect ourselves from. Lulzsec isn't testing security, they're leaking credit card data. Would you rather trust your credit card to a big company or a hacking group?

      • Peter · 1140 days ago

        At the moment....neither really.

        We should be able to trust these big companies when they say our details are secure. But we have people and groups finding ways in.

        I'm glad that after Lulzsec hit the NHS (IIRC) that my details on there will, as a direct result, now be more secure. Ok so NI contributions may go up a tiny amount, but rather that than have my personal details and medical history stolen and sold to the highest bidder.

  14. matt · 1140 days ago

    They're gonna get caught, they've made the mistake of getting a high profile.

    Also what's the point of hacking minecraft?

    • David Davidson · 1140 days ago

      They didn't "hack" Minecraft. They DDOSed it - there's a huge difference.

      And the point is that there is no point; it was just suggested by someone and they did it. That's all there is to it.

  15. The Devil · 1140 days ago

    O.o I had vote 666... hehehe go figure.

  16. David Davidson · 1140 days ago

    The numerous Sony-related breaches were amusing. Running a phone switchboard and asking everyone for targets is just pathetic. Not amusing, not cool, not impressive from a technical point of view. They're just confirming what some people thought all along; they're a bunch of idiots swiping at low hanging fruit.

  17. Morpheus · 1140 days ago

    I just think at what they did was unbelievable and it should not be attempted the plus side is that they showed where they gaps were in the security of several large companies but to do that its shocking but it shows where improvements can be made in terms of over all security but with Sony...they were so cocky about having next to no security on PSN that they got hit hard there, if Sony does not sort that issue out there, they could take a major blow on the stock markets maybe even become bankrupt because of this all

  18. Marmaduke · 1140 days ago

    One or more of the Lulzsec crew are British or had a colonial education.

    Language in the twitter feed shows this, as does the html of the lulzsecurity.com website.

    As to the question posed by Graham: their mouthpiece is quite a wag.

    The high they are on is palpable. That lust for attention may be their downfall, as they are going to have to get even bolder to top each event. Eventually they will make a mistake, or get shopped by an insider.

  19. daswqad · 1140 days ago

    LulzSec the unskilled Wannabe Kids :D

  20. abadidea · 1140 days ago

    Minecraft was the bridge too far that made it personal. There is absolutely nothing funny, amusing, cute, or clever about attacking indie game servers.

    And remember, there was nothing "insecure" about Minecraft. They didn't need to be taught a "lesson." These punks just ddos'd a game enjoyed by millions for absolutely no reason.

  21. John Draper · 1140 days ago

    Way to split the Yes vote into two.

    • I think we're all capable of adding them together if we want to work out what proportion of folks think LulzSec is funny.

      But we did want to recognise that some folks think they're funny, even if they don't approve of what LulzSec is doing.

  22. Notahacker · 1140 days ago

    Amusing...meh. Not really.

    But they are pointing out how easy it is to exploit simple security loopholes. Personally, I would prefer my professional security analysts to do that for me but it is obvious that the targetted firms are not. They have people on the payroll to prevent this (the Minecraft DDoS not withstanding) and it seems to me that these companies are paying people for nothing.

    Funny no...disturbingly easy? Most definitely.

  23. Clash · 1140 days ago

    I might have some modicum of respect for them if they were actually doing it for the consumers or trying to make a point about corporations, but to me they're only doing it for selfish reasons and to feed their egos. They do it for the "lulz" as they say, for their own self amusement. They're jumping on the bandwagon of what Anonymous and other groups before them have done. They're nothing special, they're just following in the footsteps of other trend starters, they just lack the self control and insight to know when to stop.

  24. jessi · 1139 days ago

    why do this.. "They could then publicise the security hole in a responsible way - without putting innocent folks at risk.".. when you can do it the lulzsec way-- and graham & co. come to publicize you!

  25. I'm not sure I understand. How has nothing happened to them yet?

  26. The problem is the only point some of their attacks make about security is how many infected machines they can get into a bot net. Using a bot net to perform a DDoS on someone really doesn't show much about the targets security in itself and just causes additional cost in disruption and extra infrastructure even if those companies employ relatively secure practices.

  27. Guy · 1139 days ago

    Whether they disclose the issues on their own or via a journalist they would have committed the crime already. The disclosure of private information is just an extra.
    I don't approve what they do because of the legal implications, but I do greet them for making all parties aware of the serious lack of secure systems, everywhere.

    I would encourage them to stop disclosing sensitive information, though. That's only going to make things worse for them.

  28. Okay so they caused cia.gov to be hung up.. just how much DDoS to a web server until the CIA / FBI gets pissed off and does something about it? This stuff happens every day but "Lulzsec" appears to be the only group that boasts about it like morons. 5-20 years jail time worth it?

  29. Adrian · 1139 days ago

    I'm sitting on the fence here. I'm not convinced that what they're doing is right, but equally, I don't agree with the assertion that "There are better ways of getting issues like that resolved."

    Far too many companies just do not care, they implement poor security and they will still do nothing about it for months after being told about it "the proper way." Hitting them where it hurts seems to be the only way to make them care.

    An example from our corporate email "Please click on the following link to access the survey online via a secure website http://www.@@@@@.com.au ..." No HTTPS, nothing, just an assertion that an HTTP link in an email is "a secure website"

  30. Lulzcow · 1139 days ago

    Lulzsec is nothing more than a bunch of skiddies (script kiddies for those who don't know), which makes this kind of a mixture of hilarious and terrifying at the same time. I mean, sql injections? What, are these companies' IT departments just sitting on their hands all day?
    Also, I would have like to have voted "I don't care about their point, i just find it lulzy."
    Also, as far as DDoSing Minecraft, LoL, Eve, etc. It's simply about being bored in the downtime between the big raids. Trolling 101, infuriating video game nerds. DDoSing these servers is a huge source of lulz. I mean this isn't hard to understand. Lulzsec wasn't, isn't, and never will be the internet security white knight. so I don't understand why anyone is shocked. Besides, it's only a DDoS, which means what? A few hours of downtime at most. Oh boy life = ruined.

  31. JohnyBoy · 1139 days ago

    Oh my god, a security company that doesn't like a group of hackers? Your article has not moved me one bit because you are clearly biased, anyways the best way for companies to learn their damn lesson is to be humiliated with a data breach. I'm keeping my eye on the releases to make sure my info isn't gathered, but I use a different password for everything so it's all good :D

  32. Zimzamzim · 1138 days ago

    Like that twit Assange, they all need to be locked up and the key thrown away!

    They are common criminals with illusions of grandeur.

    How ironic is it that these people think that it's OK to release the personal information of thousands (millions) of people on the INTERNET (for the whole World to see), yet their own identities remain anonymous?

  33. kafeine · 1138 days ago

    +1 @Jayton

    he said :

    You are missing an option in the poll.

    "I don't find THEM amusing, but they're making a good point at how weak a lot of system security is."

    I agree with what he said. Your poll mean nothing.
    The only way to say it was making a good point of security was to say it was funny....

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.