Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

LulzSec Announces April Fool's End To Retirement

LulzSec hacktivists use YouTube video to announce they'll reboot on April 1, despite arrest of six alleged core members.

Anonymous: 10 Facts About The Hacktivist Group
Anonymous: 10 Facts About The Hacktivist Group
(click image for larger view and for slideshow)
They're back: The hacktivist group formerly known as LulzSec--whose members announced that they were calling it quits after a 50-day hacking spree and then continued their efforts with Anonymous and AntiSec--has announced that it will resume its attacks.

In characteristic Anonymous fashion, the group announced its impending return Saturday via YouTube video. "Several days ago we decided to swiftly bring back our humble hacking group and set sail towards the Interwebz once again, much to the dismay of corrupt governments and corporations across the planet. It's ridiculous to believe that by arresting the six prime members of LulzSec that you've stopped us. You haven't stopped us, you have merely disrupted the active faction," the video said in a computer-generated British accent.

The group announced that it would officially resume attacks on April 1, 2012. The video continued, "Lulzsec will start targeting governments, corporations, agencies, and quite possibly the people watching this video. We are here for the lulz, the fame, the anarchy, and the people."

The announcement was previewed one day prior via the FawkesSecurity Twitter channel in a tweet that read, "Expect something BIG and rather Lulzworthy very soon. CIA, FBI, Interpol, you're all on teh (sic) list." Wednesday, meanwhile, tweets from the same Twitter channel promised that "Anonymous will target national infrastructure" and create a "global financial meltdown" as part of what's been dubbed "Project Mayhem."

[ Are your security practices robust enough to keep hackers out? Read more at Anonymous Hackers' Helper: IT Security Neglect. ]

Still, as with so many communications related to Anonymous or LulzSec, questions remain. For example, is the April 1 date for the group's resurgence just one big hoax, and do the people behind the previewed Anonymous attacks have anything at all to do with the core group? Furthermore, it's questionable whether anyone claiming to be part of the LulzSec reboot was directly involved in the group's prior activities. Then again, just as anyone can claim to be a member of Anonymous, so too can anyone continue with--or pick up from scratch--the LulzSec mantle.

Whoever's behind the new campaign should be careful. Notably, law enforcement agencies, especially the FBI and Britain's Serious Organized Crime Agency, began locking up alleged participants in LulzSec-led attacks not long after the group called it quits, and they’ve been making multiple waves of Anonymous-related arrests ever since the group first began targeting MasterCard and Paypal in late 2010.

Many of those arrests don't look so surprising in retrospect, given the announcement earlier this month that the bureau had managed to flip Hector Xavier Monsegur, aka LulzSec, and Anonymous leader Sabu. In fact, Monsegur apparently worked nonstop as an informer for federal authorities from his arrest in June 2011 until earlier this month, when the Department of Justice unsealed a number of indictments in federal court that revealed the role Sabu had played.

Another hurdle for would-be LulzSec and Anonymous members who participate in attacks will be keeping their identities hidden. Notably, the FBI apparently identified Monsegur because just once (or possibly twice) he failed to anonymize his Internet connection, using a VPN client or the Tor network, before connecting to an IRC channel.

In related news, another YouTube video produced by Anonymous and released Monday announced the launch of "Operation Imperva," in apparent retaliation for the security firm Imperva having released a report about a failed Anonymous attack launched against a Vatican website.

This time, it's apparently personal. As an electronic voice in the Anonymous video said, "A video posted on YouTube states that Imperva perceives a large majority of the Anonymous collective as, in their words, 'a legion of idiots.' Anonymous sees this as a direct verbal attack on the collective."

In fact, the quote referred to came not from Imperva but from Cole Stryker, an expert on the 4chan message boards from which Anonymous sprang. "Anonymous is a handful of geniuses surrounded by a legion of idiots," he told the New York Times. "You have four or five guys who really know what they're doing and are able to pull off some of the more serious hacks, and then thousands of people spreading the word, or turning their computers over to participate in a DDoS attack."

Attribution aside, Anonymous has pledged to make life difficult for Imperva. The video stated, "This is a message to the Imperva security firm: Although we do not see you as any form of threat, we have concluded that your interest in us may become a mild nuisance in the future, therefore you yourself will now become a target."

Most external hacks of databases occur because of flaws in Web applications that link to those databases. In this report, Protecting Databases From Web Applications, we'll discuss how security teams, database administrators, and application developers can work together to improve the defenses of both front-end Web applications and back-end databases to prevent these attacks from succeeding. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How to Think Like a Hacker
Dr. Giovanni Vigna, Chief Technology Officer at Lastline,  10/10/2019
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer,  10/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17607
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php servername parameter.
CVE-2019-17608
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbname parameter.
CVE-2019-17609
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter.
CVE-2019-17610
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter.
CVE-2019-17611
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter.