LulzSec Announces April Fool's End To Retirement

LulzSec hacktivists use YouTube video to announce they'll reboot on April 1, despite arrest of six alleged core members.

They're back: The hacktivist group formerly known as LulzSec--whose members announced that they were calling it quits after a 50-day hacking spree and then continued their efforts with Anonymous and AntiSec--has announced that it will resume its attacks.

In characteristic Anonymous fashion, the group announced its impending return Saturday via YouTube video. "Several days ago we decided to swiftly bring back our humble hacking group and set sail towards the Interwebz once again, much to the dismay of corrupt governments and corporations across the planet. It's ridiculous to believe that by arresting the six prime members of LulzSec that you've stopped us. You haven't stopped us, you have merely disrupted the active faction," the video said in a computer-generated British accent.

The group announced that it would officially resume attacks on April 1, 2012. The video continued, "Lulzsec will start targeting governments, corporations, agencies, and quite possibly the people watching this video. We are here for the lulz, the fame, the anarchy, and the people."

The announcement was previewed one day prior via the FawkesSecurity Twitter channel in a tweet that read, "Expect something BIG and rather Lulzworthy very soon. CIA, FBI, Interpol, you're all on teh (sic) list." Wednesday, meanwhile, tweets from the same Twitter channel promised that "Anonymous will target national infrastructure" and create a "global financial meltdown" as part of what's been dubbed "Project Mayhem."

Still, as with so many communications related to Anonymous or LulzSec, questions remain. For example, is the April 1 date for the group's resurgence just one big hoax, and do the people behind the previewed Anonymous attacks have anything at all to do with the core group? Furthermore, it's questionable whether anyone claiming to be part of the LulzSec reboot was directly involved in the group's prior activities. Then again, just as anyone can claim to be a member of Anonymous, so too can anyone continue with--or pick up from scratch--the LulzSec mantle.

Whoever's behind the new campaign should be careful. Notably, law enforcement agencies, especially the FBI and Britain's Serious Organized Crime Agency, began locking up alleged participants in LulzSec-led attacks not long after the group called it quits, and they've been making multiple waves of Anonymous-related arrests ever since the group first began targeting MasterCard and PayPal in late 2010.

Many of those arrests don't look so surprising in retrospect, given the announcement earlier this month that the bureau had managed to flip Hector Xavier Monsegur, aka LulzSec and Anonymous leader Sabu. In fact, Monsegur apparently worked nonstop as an informer for federal authorities from his arrest in June 2011 until earlier this month, when the Department of Justice unsealed a number of indictments in federal court that revealed the role Sabu had played.

Another hurdle for would-be LulzSec and Anonymous members who participate in attacks will be keeping their identities hidden. Notably, the FBI apparently identified Monsegur because just once (or possibly twice) he failed to anonymize his Internet connection with a VPN client or the Tor network before connecting to an IRC channel.

In related news, another YouTube video produced by Anonymous and released Monday announced the launch of "Operation Imperva," in apparent retaliation for the security firm Imperva having released a report about a failed Anonymous attack launched against a Vatican website.

This time, it's apparently personal. As an electronic voice in the Anonymous video said, "A video posted on YouTube states that Imperva perceives a large majority of the Anonymous collective as, in their words, 'a legion of idiots.' Anonymous sees this as a direct verbal attack on the collective."

In fact, the quote referred to came not from Imperva but from Cole Stryker, an expert on the 4chan message boards from which Anonymous sprang. "Anonymous is a handful of geniuses surrounded by a legion of idiots," he told the New York Times. "You have four or five guys who really know what they're doing and are able to pull off some of the more serious hacks, and then thousands of people spreading the word, or turning their computers over to participate in a DDoS attack."

Attribution aside, Anonymous has pledged to make life difficult for Imperva. The video stated, "This is a message to the Imperva security firm: Although we do not see you as any form of threat, we have concluded that your interest in us may become a mild nuisance in the future, therefore you yourself will now become a target."
