After 50 days of mayhem, the voyage is over for the LulzSec group in the US. Its cause, though, will sail on indefinitely.
So what can be learned from this wild round of Lulz attacks?
LulzSec or Lulz Security is a group of six hackers who slipped past the security of Sony, PBS, the CIA, Arizona’s Department of Public Safety and many more. This week, they voluntarily disbanded (or gave up before they could be arrested).The Lulz Boat, as they call it, has docked.
In its wake, though, is LulzRaft, the smaller Canadian operation with the same M.O. Via its Twitter, the Lulzonians indicate they will continue to hack.
“OPERATIONS AGAINST WORLD CORRUPTION WILL CONT.” LulzRaft tweet when the LulzSec cruise ended.
Condolences to those innocents who had to change their passwords or had personal information leaked, but having an attention-seeking hacking group around is not necessarily all negative.
There’s a common misconception that all this hacking is to get a few laughs/lulz – an idea the group members put forth themselves. But the antisec movement (that’s antisecurity) is more than crude anarchy. There’s an ethos, even though hackers involved don’t always follow it.
One goal is to hold up a mirror to internet culture and its addiction to scandal and entertainment. A loftier one is to bring attention to online security holes and the companies or governments that don’t care or know enough to patch them.
More than a decade old, the movement draws attention to flaws in security that could be exploited for purposes more evil than its own. “Hey innocent people whose data we leaked: blame @Sony,” read a tweet from LulzSec.
Classic hackers, eh? Not necessarily white hats, i.e. good guys, but not as nefarious as they could be.
The Lulzes have been hostile toward the press. When a reporter asked LulzSec for an interview, he got this reply: “sure. in which hole of yours would you prefer i stick my penis?”
I contacted LulzRaft by signing up for Hushmail, a Vancouver-based anonymous email service, and guessing the Canadian hacker(s) would be at lulzraft@hushmail.com.
I asked LulzRaft whether he or she was headed for shore or toward another publicity-netting hack. I was prepared for abuse.
“We’re not yet sure what direction we’re headed,” read the surprisingly civilized reply.
Earlier in June, it fooled the media and Conservative MPs when it broke into conservative.ca and posted a story about PM Stephen Harper choking on a hash brown. (“Prime Minister Rushed To Hospital After Breakfast Incident,” read the fake release.)
Isn’t it in the public interest to know security is a leaky operation in government circles? Doesn’t this highlight a larger security hole that needs to be patched?
When any group, company or organization has been hacked, it should be mandatory for it to reveal that immediately – a warning to the public that there’s been a breach.
This is already mandated by legislation in some states. Governments in Canada should follow. Or else all this security hacking is in fact just for lulz.
joshuae@nowtoronto.com
