Sophos Cloud Optix
The LulzSec hacking group has claimed it is disbanding, in a statement marking its 50th day of activity.
The hacking gang became notorious following a series of hacks and denial-of-service attacks in recent weeks against the likes of Sony, PBS, Infragard, SOCA, gaming websites, the CIA, the US Senate, and others.
LulzSec managed to amass a staggering 275,000+ followers on Twitter as it took the unusual approach of courting publicity for its strikes against companies and organisations.
In the run-up to the announcement, LulzSec said that it had a surprise in store:
https://twitter.com/#!/LulzSec/status/84746936275582976
Part of its apparent farewell statement, written in its typical jaunty nautical style, reads:
"Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind - we hope - inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love"
"Thank you for sailing with us. The breeze is fresh and the sun is setting, so now we head for the horizon."
Accompanying the statement was a link to a downloadable torrent of what, LulzSec claimed, was their final haul of stolen data: hundreds of thousands of usernames and passwords for a variety of websites, including login details of players of the Battlefield Heroes game.
Once again, it appears that websites are not taking enough care over protecting users’ passwords. If you haven’t yet woken up to the risks associated with using the same password on different websites, now is the time to do so.
Inevitably there will be speculation that the reason for LulzSec’s apparent disbandment could be that they are worried that they have brought too much attention to themselves, and there are simply too many people (including rival hackers) attempting to uncover their true identities.
The temptation for someone connected with the group to blab about their involvement may be too great, and the chances of a member of LulzSec being careless and unwittingly failing to cover their tracks could be too big a risk to take.
Maybe, quite simply, LulzSec was worried that the heat was intensifying – and it was time for them to get out of the kitchen before the computer crime authorities caught up with them.
Earlier this week we saw one man, who may or may not be connected with the LulzSec group, charged by UK police in connection with the attack against SOCA.
If LulzSec’s demise can be taken at face value, some organisations around the world may be breathing a deep sigh of relief that they are no longer at risk of being the focus of the group’s unwanted attention.
However, LulzSec is just one – particularly vocal – group of hackers. Just because one of the most notorious hacking gangs may have gone the way of the dodo, does not mean you can afford to be complacent about your company’s computer security.
Despite LulSec's unconvincing attempts to convey the impression that they had planned this exit strategy all along, I just don't buy it.
Personally, I think they are jumping their fast sinking ship before they all drown.
even if that is the case (i truly don't think it is) they would be smart enough to quite while they can, there is nothing wrong with that 🙂 when it comes to illegal activity if you never plan to quite you plain to fail.
Is there a good way to find out whether any of your (gaming, etc.) accounts were part of the dump without downloading the torrent? What was the corporate txt file?
Perhaps they are like a caterpillar that will come back as a nasty butterfly. I think this might be the last we have seen of THIS incarnation, but I have no doubt there will be others.
i would suspect many of the members would join other groups or form there own (but i am only speculating)
Probably just going into hiding, or changing strategy. These types of people never go away unless the authorities catch up with them. What I don't understand is why don't they put their skills to better use?
In a world where information is ultimate power I only have respect for organizations like wikileaks. I just hope these smaller groups put their skills towards attemping to better society.
Very much agreed; these people (LulzSec) have been misguided and the world would be better if people with skills used them for the betterment of society.
However, Wikileaks is an organisation that publishes information without redacting identities of people potentially put at risk as a result of the original data breach.
It has done nothing of note to assist the person who has allegedly given them the most valuable data and refuses to request other misguided persons to suspend attacking organisations who do disagree with their operations.
Not exactly of high moral code is it?
The list of leaked accounts in searchable list at http://dazzlepod.com/lulzsec/final/
The “danger” is far from gone. Those nice young people aren’t hacking as LulzSec any longer, but they might be doing so as somebody else and SILENTLY.
There are many others who are surely doing so. I’m sorry I’m too old and ignorant to help them.
(Before I bought my first computer I heard the rules on how to behave online. With all those “no real names”, “no private pictures”, “change passwords” etc. And I’m just a middle-aged teacher.
Why didn’t companies who actually have something to protect listen to those rules? Why did Sony sack security staff prior to the attacks? Why could Anons and LulzSec break into their sstems EASILY? Why, why, why…)
Because security costs money, and that hurts the bottom line. Same reason why Fukushima 1 was still running despite it being ancient, same reason why in America they just loosen the regulations for nuclear power plants because otherwise these couldn't fulfil the safety requirements anymore.
people they are not "disbanding" , they are simply going into a bigger pool of hackers by joining Anonymous. They are announcing the "disbandment" to release some of the heat going after them but they have just become another arm for AnonOps. Its not like these guys are going to stop doing what they love to do and disappear and resume normal lives. They are just going more underground. Expect to see more lulz soon.
Someones Knocking At The Door.
I wonder if they understand they are now going to be hunted down for the rest of their lives until they are caught.
Probably to dumb to figure that out.
One thing that goes unmentioned here is that, in most cases, their peers undertake these same activities without the associated marketing campaign. Lulzsec aren't heros — but what they do already happens all over the net, all day long. They are simply drawing more attention to it.
And it has worked. My security team's budget has gone up, and we're getting a lot more action on some of these lame-brained security holes we've been griping about for ages.
For the moment, they're serving my purpose — if not necessarily anyone else's.