LulzSec Rears Its Smirking Head in Military Dating Site Attack
LulzSec has claimed responsibility for an attack on a military dating site in which personal information on nearly 171,000 accounts was leaked. However, several top LulzSec members were arrested just a few weeks ago. The latest attack may have been the work of remaining members, or hackers who simply decided to pick up the banner and run with it.
03/27/12 11:58 AM PT
Nine months after shutting down operations -- and just weeks after several suspected members were arrested -- the LulzSec hacker community has apparently sprung back to life, hacking the website of military dating site MilitarySingles.
However, there's some controversy over whether that site had indeed been hit by the hackers.
LulzSec posted news of the hack on a Pastebin page and provided two sites from which details of the nearly 171,000 accounts it had stolen could be downloaded.
That was followed by an argument over the veracity of its claims on the site databreaches.net.
Earlier this year, law enforcement arrested 25 people suspected to be members of Anonymous, and the United States Federal Bureau of Investigation disclosed that a top LulzSec hacker with the handle "Sabu" was one of its informants.
So, has LulzSec really been resurrected, or is the amorphous hacker community just playing mind games with the world yet again?
You're in the Army Now?
LulzSec claimed that the MilitarySingles.com website was closed for a while and said it had dumped emails taken from the site onto Embedupload.
A comment on the databreaches.net site dated March 25 indicated that the website of Esingles, which operates the MilitarySingles site, had itself been taken down, and that the MilitarySingles site wasn't loading pictures of members onto its homepage.
However, Esingles responded the same day stating that there was no actual evidence that MilitarySingles.com had been hacked, sparking a response to the contrary from the admin at databreaches.net.
The MilitarySingles site was up and running when checked on Tuesday morning.
The Ghost of LulzSec Past
LulzSec announced via a video that it would be back April 1. Given that both Anonymous and LulzSec consist of volunteer hackers and have no clear hierarchy, it's uncertain whether LulzSec has been reconstituted for the attack on the MilitarySingles site or how that was done.
"Remember that old cartoon of a dog sitting at a computer terminal and going on the Internet?" independent security consultant Randy Abrams asked.
"On the Internet, anybody could claim to be whomever they wanted," he told TechNewsWorld.
The arrest of several people suspected to be members of Anonymous or LulzSec doesn't prove anything, Rob Enderle, principal analyst at the Enderle Group, told TechNewsWorld.
"Given LulzSec was an amorphous organization like Anonymous, assuming that all its members were arrested was likely wishful thinking on the part of law enforcement," Enderle pointed out. "Typically, a new group would like to rise under their own name and banner, but nothing prevents it from reusing the LulzSec name either, so I'd leave out all assumptions with regard to who this group is."
The Future Will Be Hacky
Think of these hacker communities as the digital equivalent of moles in a game of Cyber-Whack-a-Mole. They pop up anywhere and everywhere at random, and hitting a mole on the head doesn't stop the other moles from coming.
"The only way we'll find out who these guys are is, they always make mistakes and eventually get caught," Abrams said.
That's how Sabu, a leading member of LulzSec, apparently got caught. He reportedly logged into a chat room without masking his IP address and was nobbled by the FBI, which turned him.
More hackers may be waiting in the wings, Enderle suggested. "There are lots of disgruntled and unemployed software programmers with skills in the market at the moment," he said, "and many of them are young enough or angry enough that they might think of getting together in a hacker community without regard for the consequences."
However, the attack on the MilitarySingles site might not have been carried out by LulzSec at all, because "going after soldiers who are single seems more like a low blow," Enderle pointed out. "This suggests that it may have been done by someone that wants to destroy support for [hacker] groups like this."