With so many questionable reports circulating in the media, if you have a healthy dose of scepticism, chances are, you’ll have a good grasp of what is really going on. Another group has come forward to claim that they compromised LulzSec and plan to hand their details over to the FBI. Just hours after these claims surfaced, LulzSec set Friday as the date of their first document dump.
Note: This is an article I wrote that was published elsewhere first. It has been republished here for archival purposes
It might very well be considered the fog of war if you are looking at the public relations front between LulzSec and those hoping to stop them. Already, we debunked earlier press coverage that suggested that the leader of LulzSec had been arrested by the UK police. It turns out, the person in question merely operated an IRC channel and was not exactly involved in the hacking activities carried out by LulzSec. Afterwards, media reports incorrectly blamed LulzSec for hacking Distribute.IT when a different hacker by the name of EVIL clearly took credit for it. It’s incidences in the media such as these that makes it much more difficult to search through and separate fact from fiction.
The Credibility Problems With Those Opposed to LulzSec
In addition to the multitude of reports with questionable accuracy is the growling list of people claiming to have compromised LulzSec. The earliest contender is WebNinja who posted content to PasteBin claiming that LulzSec is nothing more than a CIA operation. Call me overly sceptical, but isn’t calling another hacker group you want to take down government spies the oldest trick in the book to discredit them? Nevertheless, they claim that Adrian Lamo is the leader and members of LulzSec comprise of people from the media (“possibly Guardian”), and a CIA operative. They also posted a Whois of LulzSec.com which isn’t LulzSec’s official website. Isn’t it also entirely possible that Whois information can be faked as well? In a bizarre twist, after the accusations of LulzSec being CIA, WebNinja then says, “We all want to see LulzSec behind bars for their insane acts.”
It’s quite a strange combination. WebNinja, at one point, claims to know that LulzSec has members of the CIA on board, then in the next minute, they claim that they want LulzSec behind bars. To me, this doesn’t really add up, but there are plenty of people out there willing to take someone who has a grudge against LulzSec at their word.
WebNinja isn’t alone. Another group is also claiming that they compromised LulzSec. That report is coming from ABC which cites “TeaMpOisoN”. The article links to a blog which quotes the notice as saying, “No matter how many bots you gather, no matter how much people you lie to, no matter how much pre-made tools you use, you will _NEVER_ represent the real hacking scene, we warned you, we told you we do not make empty threats, we gave u 48hrs to secure your ircs yet u failed to do so, instead u posted hashes from public forums and then claimed you doxed us and laughed at the fact that i was 17years old. stop telling yourself that u are hackers, putting a ip into a irc is NOT hacking nor is using pre-made tools and scripts to grab databases… you do not represent the anti-sec movement, u are not allowed to greet underground groups like zf0, ab, h0n0, el8 like your member “AnonSabu” was doing, you will never be apart of the underground scene, if anyone thinks you are underground and can actually hack they have no idea about what happens in the underground scene. oh and TeaMp0isoN Issue 2 is coming out VERY soon exposing lulzsec members (pictures, addresses, passwords, ips, phone numbers etc). . . . not so anonymous anymore are you? lets hope that you can swim because the lulzboat just got titanic’d…”
That blog was kind enough to link to the original page in question. Unfortunately, the page is now nothing more than a 404 error page (presumably because the defaced page was taken down). The problem I have with this is not that I can’t find the original source of the message in question, it’s that LulzSec hasn’t been taken down yet. If a hacker wants to take down another group, why boast about something that they are going to do? I think it’s a pointless exercise because it amounts to little more than chest beating in the end. If hacker groups want my advise in dealing with LulzSec, it’s this, “Shut up about talking about taking down LulzSec and take them down already.” (Or to borrow from “The Good, The Bad and the Ugly”, “If you’re going to shoot, shoot! Don’t talk!”)
Hackers aren’t the only ones doing the chest thumping though. Just check out the following quote from (Ironically) The Guardian:
the members of LulzSec are either modern-day versions of Arsène Lupin, Maurice Leblanc’s fearless gentleman thief for whom the risk of capture was part of the thrill, or they’re absolute, grade A imbeciles (spoiler alert: it’s the second one). We’ve all seen enough movies — which is to say, the first 10 minutes of Sneakers — to know what happens when you mess with the UK government. Any day now, in Wales or Warsaw or Wasilla, a spotty kid in a V for Vendetta T-shirt will be dragged from his parents’ house at gunpoint and bundled — sobbing and pleading that it was all a joke — into the back of a van.
This might speak for itself, but just in case, I think this shows that some people such as the person quoted above aren’t any more mature than the very people they purport to despise. It’s even more depressing that this comes from such a high end online news site to begin with.
Perhaps a lot of this shows that anyone who is opposed to LulzSec is only capable ot hurling insults at them. If that’s really the case, it really shows the sorry state of affairs of those hoping to stop them. Some of these claims of who LulzSec works for are getting to the point that the circle of speculation is causing them to trip up in their own claims.
The most credible thing we were able to locate was a rumour started by the New York Times which commented on a raid by the FBI on a server farm. After noting how several websites were forced offline as a result, the article features the following:
A government official who declined to be named said earlier in the day that the F.B.I. was actively investigating the Lulz Security group and any affiliated hackers. The official said the F.B.I. had teamed up with other agencies in this effort, including the Central Intelligence Agency and cybercrime bureaus in Europe.
Mr. Ostroumow declined to name the client targeted by the F.B.I. and said that he did not know why it had drawn their interest. It was also unclear why the agents took more servers with them than they sought, he said.
One should note that these two paragraphs are, in fact, very carefully worded. It effectively states two things:
1. The FBI is investigating and trying to track down LulzSec and anyone affiliated with them.
2. The FBI raided the server farm, but couldn’t say why.
This doesn’t necessarily mean that the FBI raided the server farm as part of an investigation into LulzSec and I think that anyone who points to that and says that the FBI raided LulzSec is merely delving into speculation. Depressingly, one website went so far as to proclaim that the “the noose is tightening on LulzSec”. The report even vaguely refers to the other questionable reports we’ve mentioned already to confirm their suspicions.
Overall, I think that what a lot of this is giving off an image that some media outlets will scour the internet for “LulzSec” and “compromised” and believe anything Google spits out at them. The only thing the opposition really has of any substance is an IRC operatives arrest and rumours that the FBI raided some of LulzSec’s property. At the end of the day, everything else merely amounts to fluff, huff and puff. The only thing I see a lot of the name calling accomplishing is trying to diffuse the air of control expressed by LulzSec. They are trying to remove that sense that LulzSec is the only group in question that is in control of all of this. If it’s psychological warfare that is the only weapon those opposed to LulzSec has, then they are in way more trouble then they let on. Additionally, if the FBI are relying on vigilante justice, this could show a certain level of helplessness they really have when it comes to internet activity such as this.
Is LulzSec’s Biggest Enemy Themselves?
All of this doesn’t mean that LulzSec is perfect in every way. Far from it actually. The one thing that is really going strong for them at this stage is their ability to deliver. They were able to post compromising information on sites like ThePirateBay which lends them a certain level of credibility.
What is curiously different about their promises of hacking the government is that they are giving it a lot of build-up. They say they’ve hacked the government, but havn’t actually produced anything as of yet. However, just four hours ago (after these claims of LulzSec being compromised), they Tweet, “We’re hoping to have Operation Anti-Security Payload #1 ready by Friday.”
So, they set a date. Really, this is a crossroads moment for them because they set a specific day. If they deliver whatever it is they plan on delivering on that date, then that just adds to their credibility. If they don’t deliver on that date of it what they have to offer isn’t much, then I think their credibility will be thrown in to disarray. Not unsalvagable, but it will be damaged.
The thing with LulzSec is that it’s very plausible to see how they can be taken down. It’s possible that they’ll feel invulnerable and eventually let their guard down once which is all that authorities would need. There’s too many cases where a high-end criminal ends up misstepping because of over confidence and ultimately tripping and banging their head. It would not be a huge surprise to see LulzSec ending the same way. Ironically, all these claims of LulzSec being compromised have alleviated this possibility for now. The only hope, at this stage, is if they become overly paranoid and self-destruct. This is plausible after the incident when LulzSec kicked out two of their members and exposed them to the FBI for being “snitches”. The downfall to this strategy of hoping they get overly paranoid or overly confident is that it tends to take a long time to occur.
What will ultimately be interesting is seeing what happens on Friday. Will they or will they not deliver on something big? That’s a big question in my mind.
Conclusion
LulzSec rise to fame is quite interesting, but the real question will be how long it will last. If those who oppose them really want to stop them, they should stop inadvertently helping them by focusing on the ultimate goal of seeing them behind bars, not showboating about how they are going to compromise them. Launching verbal attacks instead of letting LulzSec get too comfortable will very likely only serve to hurt any efforts at stopping them.
The one thing I will keep in mind is if LulzSec was busted as much as some would let on, they would be behind bars by now, not posting on Twitter.
Drew Wilson on Twitter: @icecube85 and Google+.
