COLUMN: LulzSec Internet hacking is not harmless fun
The British government, the Brazilian government, multinational corporations, U.S. defense contractors and the CIA — that’s one ambitious target list.
But whose? The Russians, the Chinese, the (gasp) terrorists? Who do we send James Bond after?
Turns out it’s a 19 year-old, among others.
On May 21, Ryan Cleary was arrested in alleged connection to recent hacker attacks by a group known as “LulzSec.” Cleary, a former member of another “hacktivist” group, was picked up in an operation conducted by Scotland Yard and the FBI, BBC reported.
But what is LulzSec, and why does it matter? Their website, lulzsecurity.com, describes them as “a small team of lulzy individuals who feel the drabness of the cyber community is a burden on what matters: fun.” That’s what “lulz,” a variant on LOL, means: It is an expression of general amusement.
Lulzsecurity.com oozes self-absorbed amusement. The text contains mocking references to Rebecca Black’s “Friday,” a truly horrible music video that took the Internet by storm, and an image of a longboat dubbed the “Lulz Boat” accompanied by the theme from “The Love Boat” cheerily playing in the background.
The group’s activities, however, go far past this general silliness. Earlier this year, Sony’s PlayStation Network, the online service for its PlayStation 3 game console, was offline for more than a month following a LulzSec-connected intrusion into their network. Millions of subscribers’ personal data was stolen, including credit-card information.
Their exploits also have included a (reportedly failed) hacking attempt on Lockheed-Martin, a U.S. defense contractor responsible for building the F-22 and F-35 fighter jets, among other things. The CIA’s public website suffered an outage, and PBS found itself with a defaced main page after they ran a documentary critical of Julian Assange, Wikileaks editor in chief. Other targets have included online game servers.
While I write this, the Brazilian government’s website is offline, with LulzSec’s Twitter feed claiming responsibility. Operations like this are mostly just an inconvenience, though I do not know what services Brazil offers through that website. More governmental and corporate websites are certain to suffer similar problems in the days ahead.
It is also certain that these organizations will attempt to fight back, as the above-mentioned arrest demonstrates. The members of LulzSec, whomever they may be, rely on the anonymity of the Internet and their own knowledge of how people are tracked across it. If and when they make a big enough mistake, or if the powers that be have better-skilled people in their employ, the group will eventually be found out and its members arrested, as was Ryan Cleary. It is important to note that LulzSec has denied his involvement in their operations, though it is unknown if that’s true. Regardless, this apparent failure on the part of law enforcement is fuel for ever more lulz.
And rightfully so. These illegal actions have no cause, no message behind them. Even if they did, it would be an inappropriate way of expressing discontent. This is the new face of modern vandalism and little more. What is amazing is the potential scope of the problem: millions of credit card numbers stolen. Multiply that by thousands of dollars worth of credit each, and you’re looking at the potential for billions of dollars’ worth of fraud.
Whether that data has yet been used maliciously is not known — credit card fraud is difficult to track. Regardless, the potential is there for information crimes of surprising magnitude.
LulzSec is a narcissistic bother, childishly lashing out at authority because it can. I hope it will be found out and disciplined before it grows into a sullen teen.