Monday, June 27, 2011


Sorry for the long absence, I had exams. But it's all over now and thats good. Time to relax!

Making new headlines around the world this week is this group calling themselves 'lulzsec' or Lulz Security with their tagline "Laughing at your security since 2011". They have hacked into and released many personal information (usernames, passwords, email addresses) from many different websites. Their first release was a database of FOX's X-Factor contestants back in May although members of this group may have previously been involved with the attacks on Sony where personal information have been stole. They do this to provide lulz - in other words, laughter at the expense of their victims in a Joker from Batman sort of way. They do not appear to be using these stolen data for criminal purposes (though the people they release this to may be).

Their methods of hacking include SQL injections and when that is not possible they do a distributed denial of service attack against their targets. Surprisingly many websites in this day and age are vulnerable to SQLi (including MySql's own website which is ironic). One of the goals in their hacking they say is to draw attention to this insecurity that exists. They also hacked various gaming sites which made everyone pissed off at them. Other times their goals seemed political when they attacked servers belong to corporations.

Some argue that this group is a false flag operation by the FBI or other government agencies. Many argue that lulzsec will provide governments around the world with the justification to lock down and censor the internet.

Other groups have accused lulzsec of being script kiddies - using simple scripts and making a big deal about it. Indeed the best hacking groups are the ones you never hear of. Compare that to lulzsec with its public facing website, a twitter account and even a hotline for fans to call in raid targets these people seem to be huge attention whores.

But lulzsec is now coming to an end. They are now in the spotlight of many law enforcement agencies and one arrest has been made in connection to the lulzsec hacks. Also they are drawing fire from many hacking groups and other script kiddies. They have now ended their operations, claiming they only intended to last for 50 days.