Anonymous -- the group from which LulzSec spun off -- late today dumped what appeared to be close to 90 stolen internal corporate network IP address blocks onto Pastebin, including those of Disney, Viacom, and Sony, as well as pilfered usernames, email addresses, and password hashes of more than 500 users. The group also warned that it will announce an even bigger hack later today.
Meanwhile, LulzSec's announcement that it shut down might not mean much in the long run. Anonymous today was basically picking up where the splinter group had left off, with an active Twitter feed via its AnonymousIRC account. "We like to clarify again: All LulzSec members are accounted for, nobody is hiding. Only a name was abandoned for the greater glory #AntiSec."
Security experts speculated that individuals associated with LulzSec were facing exposure or potential arrest in the wake of the arrest of Ryan Cleary, the U.K. teenager who allegedly ran an IRC channel used by LulzSec members, and the high-profile targets they had hit recently -- the CIA, Infragard, and Arizona police. Another theory: They are just moving their efforts under the AntiSec or Anonymous banners and taking on a lower profile. Or it could all be a hoax meant to grab media attention, experts say.
Karim Hijazi, founder at Unveillance, whose company was targeted by LulzSec last month, says whatever the reason for the LulzSec departure, even if the announcement is just a hoax, the group has left an impression. "I still think that they have created a substantial impact on the public and have them thinking that they can hack behind some popped proxies, a few free VPNs, and get away unscathed. Well, at least for the moment," Hijazi says.
Researchers at Imperva, who have been closely studying and profiling LulzSec membership, today said that LulzSec's demise was "inevitable." "During this week they tried to cover up themselves in order to avoid arrest by: regrouping with anonymous; creating the 'antisec' operation; and falsely claiming the UK census was hacked as a 'red herring,'" blogged Imperva's Rob Rachwald.
Joshua Perrymon, a researcher and CEO of PacketFocus, says LulzSec initially broke off from Anonymous so its attacks wouldn't appear to be coming from Anonymous. He expects more splinter groups to help keep Anonymous going: "But it’s the same guys, and they just made up Lulz. What we will see is them making up new group names, then doing a bunch of hacks, then shutting down. But they are all still a part of Anonymous groups as a whole," Perrymon says.
When LulzSec attracted too much attention and law enforcement heat, they just folded back into Anonymous and AntiSec, he says.
LulzSec's farewell message over the weekend urged others to keep up the attacks. "We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us. The support we've gathered for it in such a short space of time is truly overwhelming, and not to mention humbling. Please don't stop. Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve," the post said.
LulzSec also reiterated its intent to "entertain" with its disclosures: "For the past 50 days we've been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could. All to selflessly entertain others - vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love. The raw, uninterrupted, chaotic thrill of entertainment and anarchy," the group's posting said.
One of LulzSec's final acts was the breach of more than 11,000 users and passwords on the North Atlantic Treaty Organization (NATO) e-bookstore.
In an interview earlier this month, Marcus Ranum, CTO at Tenable Security, said there appears to be a trend of these hacktivist hacker groups popping up. "I find it fascinating," Ranum says. "I'm a little bit of an anti-government [person]. With the activity that I watch surrounding Anonymous, I honestly wonder if this is the early stages of backlash against government powers intruding further into cyberspace."
LulzSec had an anti-authoritarian ideology, but it wasn't well-articulated, he says. And going after the FBI's Infragard site might have been a bit too bold: "Tweaking the FBI's nose is probably asking for an over-the-top response," he says. Even so, the takeaway from the LulzSec and Anonymous hacks is that it should be a wake-up call for any business only "doing PCI stuff."
"If someone really talented goes after you, they will burn through your security," Ranum says.
Whether law enforcement is able to catch LulzSec or Anonymous members is the question, and experts say their copycat and splinter groups will keep emerging. The bottom line is that Anonymous has been and will continue to be a moving target as its membership ebbs and flows, depending on its latest target. A tweet earlier today from the AnonymousIRC account basically said as much: "Dear Media: This account is NOT Anonymous as a whole. That is impossible. We are merely an observer who reports current events. Please note."