UPDATE, 6/21/11: In a new development, the London Metropolitan Police today reportedly confirmed the arrest of a 19-year-old man in connection with the hacking of Sony, leading to speculation that this could be the first big LulzSec bust. According to a CNN report citing law enforcement officials, the man was taken into custody for allegedly hacking into systems and waging denial-of-service attacks against "a number of international businesses and intelligence agencies."
Meanwhile, the first victim of the new wave of AntiSec attacks was the U.K.'s Serious Organised Crime Agency (SOCA), whose website was down for a while today but is now back up and running. LulzSec took credit for the outage, but warned that DDoS was only one of its weapons. "DDoS is of course our least powerful and most abundant ammunition. Government hacking is taking place right now behind the scenes," the group posted today via its Twitter account.
But the group said via its Twitter feed today that a Pastebin post purportedly from the group, claiming to have grabbed census data from the U.K., is a phony.
The loosely affiliated hacktivist group first announced its AntiSec intentions via Twitter and a posting on Pastebin Monday morning. "Welcome to Operation Anti-Security (#AntiSec) - we encourage any vessel, large or small, to open fire on any government or agency that crosses their path. We fully endorse the flaunting of the word 'AntiSec' on any government website defacement or physical graffiti art. We encourage you to spread the word of AntiSec far and wide, for it will be remembered. To increase efforts, we are now teaming up with the Anonymous collective and all affiliated battleships," the posting said, encouraging volunteers to join in the hacking of government agencies, banks, and other major organizations.
"Top priority is to steal and leak any classified government information, including email spools and documentation. Prime targets are banks and other high-ranking establishments. If they try to censor our progress, we will obliterate the censor with cannonfire anointed with lizard blood," the LulzSec posting reads.
Meanwhile, Imperva today posted a profile of LulzSec based on information it has gathered in its own research as well as publicly available information on the group. LulzSec is a splinter group of the original Anonymous collective and is made up of some of the main players who hacked Gawker and HBGary Federal, according to the profile: "The supporting evidence for is that the same nicks are used on both anonymous hacking related discussions (early 2011) and lulzsec (mid 2011)," Imperva's post says. "They communicate mainly via private IRC channels – and publish via twitter and pastebin. They mostly use Web application vulnerabilities as they used SQLi for PBS and (one of) Sony hacks. They also use automated tools to harvest databases called Havij, as we can see from the leaked PBS hack screenshots."
Among the members of the group, according to Imperva, are: "Sabu," who was also the HBGary hacker and appears to be the leader of LulzSec; "Nakomis," a developer who is "rumored to be one of PHPBB coders;" "Topiary," who heads up donations and payment for botnet and other services; "Tflow," who is rumored to be one of its hackers; "Kayla," a hacker who owns a large botnet; "Joepie91," the website administrator; "Avunit;" and "BarrettBrown," who Imperva identified as the group's spokesperson.
But Brown, who had been one of the only members of Anonymous to speak to the press using his name, says he has left the Anonymous hacktivist group and now runs his own group, called Project PM, an online activist entity. He was never part of LulzSec, he says.
"The guys who run LulzSec are prominent Anons themselves who simply broke off a while back to do their own thing but who still retain connections to Anonymous, so it looks like they simply put out a press release. Some number of Anons will join them, others won't," Brown says. "Personally, I'm glad to see that they're going after legitimate state targets again rather than merely causing trouble for private individuals."
Rob Rachwald, director of security strategy at Imperva, says it's unclear just why LulzSec spun off from Anonymous in the first place, but the group may have decided to work with Anonymous in this latest caper due to pressure on the group from other hackers trying to expose them.
Meanwhile, Jeffrey Carr, founder and CEO of Taia Global and author of "Inside Cyber Warfare," says the best way to defend against attacks from the likes of Anonymous, LulzSec, and others is to be less predictable and inject more "randomness" into security. "I'm still very early on in this model … but injecting randomness into security would include a more aggressive [internal] red-team type of policy," Carr says. Such a red team's job would be to attack its own organization as often and "ingeniously" as possible in order to stay ahead of the attackers.
"These guys would become competitors to LulzSec, Anonymous" and others, and they would report to a CSO or CEO, for example.
Carr says randomness would also entail less vulnerability disclosure in order to make software more secure. He admits the idea of quelling the disclosure culture of the security community is indeed controversial and would hit major resistance. "But we have to start examining how productive or unproductive that model is," says Carr, who blogged about his emerging "randomness" concept here today.
The success of the recent LulzSec and Anonymous attacks reflects the persistent state of insecurity today, notes Ashar Aziz, CEO, CTO, and co-founder of FireEye. "Offense has surpassed our defensive capabilities," Aziz says. "We have a very reactive, list-based" approach, he says.
And many of the vulnerabilities being used in the recent wave of high-profile attacks have existed for some time, and the only thing keeping organizations safe before they were hit was pure luck, he says. "And we need to deal with the unknown attacks," he says.
While much of the goal for LulzSec and Anonymous has been to expose vulnerabilities in high-profile targets in a very public way, perhaps more dangerous is what others may do with the information these groups have leaked. Taia Global's Carr says he worries about how information such as the usernames and passwords from the InfraGard site, accessed and posted online by LulzSec, could be abused to do harm to the U.S. government or U.S. companies. "That's a gold mine from a national security point of view for foreign intelligence collection and exploitation," Carr says.