LulzSec: Is it too cocky for its own good?

LulzSec: Is it too cocky for its own good?

Summary: With a 19-year-old behind bars following network intrusions and denial of service attacks against "a number of international business and intelligence agencies," the fate of LulzSec remains an open question.

TOPICS: Security

With a 19-year-old behind bars following network intrusions and denial of service attacks against "a number of international business and intelligence agencies," the fate of LulzSec remains an open question.

If the group is strong, the arrest of LulzSec's alleged ringleader is a short-term win for law enforcement agencies, but nothing else. If LulzSec isn't exactly ready for prime-time, the flameout is spectacular. For its part, LulzSec said it's more than a one man band on its Twitter account.

London's e-crime unit said in a statement:

Officers from the Metropolitan Police Central e-Crime Unit (PCeU) have arrested a 19-year-old man in a pre-planned intelligence-led operation.

The arrest follows an investigation into network intrusions and Distributed Denial of Service (DDoS) attacks against a number of international business and intelligence agencies by what is believed to be the same hacking group.

The teenager was arrested on suspicion of Computer Misuse Act, and Fraud Act offences and was taken to a central London police station, where he currently remains in custody for questioning.

Searches at a residential address in Wickford, Essex, following the arrest last night have led to the examination of a significant amount of material. These forensic examinations remain ongoing.

Note that this man in custody may not be the LulzSec leader, notes ZDNet UK. Nevertheless, it took all of a few minutes for a Pastebin post to give this 19-year-old a name. Take that link for what it's worth. There is no confirmation just yet. Scotland Yard's release hints at a LulzSec connection, but that's it.

As Sophos noted, all eyes will now be on the LulzSec Twitter account. If LulzSec was a one-man band then that Twitter feed will be stopped in its tracks. Obviously that's not the case. LulzSec continues.

When you ponder LulzSec's attacks and the showmanship of the site (Love Boat theme) and Twitter feed, which was entertaining at times, it's not a stretch to see a 19-year-old running the operation. In fact, the cockiness of the whole LulzSec operation seems a bit juvenile. Why would a group broadcast "Operation Antisecurity?" That effort was designed to be more like Wikileaks and expose hacks. If that was the aim, why would you broadcast such an operation?

If Anonymous is the serious hactivism group, LulzSec is the court jester. Think the Joker in the Batman series. LulzSec is organizing attacks against governments and corporate entities largely for the glory. LulzSec seems to be in the game for fame---not money.

However, LulzSec may be overstepping. It's one thing to hack Sony, the CIA, FBI and the Serious Organized Crime Agency (SOCA). It's quite another to thump your chest wildly about those attacks. If LulzSec is beheaded with this arrest it's clear that the group's cockiness only wound up law enforcement. Even veteran hacker Kevin Mitnick said that LulzSec was way bold.

Mitnick starts talking about LulzSec at about the 4 minute mark in the following video via CBS News' What's Trending.

On the other hand, LulzSec may inspire other hackers. Future groups may leave the cockiness at home and quietly do a lot more damage. It's not like LulzSec's potential demise will do much to shore up security efforts in various companies.


Around the network:

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • ummmm, yes

    Lulzsec is an atavistic throwback to hackers who hacked for glory and fun. Their arrest is a foregone conclusion.

    The bulk of todays modern hackers tend to do so for profit, not fun. They quietly create large apache botnets or sit on 13 year old password security bug fixes to monetize the exploit.
    Your Non Advocate
    • RE: LulzSec: Is it too cocky for its own good?

      @facebook@... I know what exploit you're talking about, and that only applies if you ahve access to a copy of the hash, the person is using Blowfish (which most people use either SHA or MD5) and is using the # sign and a short password...
    • LulzSec/Anonymous: Highwaymen and sea pirates of today's lanes of commerce


      The eventual dangers of LulzSec and Anonymous' unchecked spread, increasing audacity, and ever-improving tools and hiding methods are vastly underestimated by business IT (except those in security), and by mass media who bought the criminals' self-portrayal as "merry pranksters."

      In a worst-case scenario, hackers break down a few more critical security doors, then sell the access to a hostile foreign government.

      That country's demented leadership disrupts U.S. government functions and commerce lanes by stopping email communications, wholesale DDOS-ing government and business sites, and demanding ransoms to allow traffic to resume. Or just letting us fester in calamity.

      That foreign government could commandeer all the Web access out of its country, then focus a hefty bank of servers on selected U.S. companies, federal, state and municipal sites. They could DDOS us into submission in a few hours. Now suppose their success emboldened other countries hostile to the U.S. to do likewise.

      Since we've shown we can't stop foreign countries--even our own hackers'--digital attacks, our non-clever government would "be forced to" carelessly use armed force.

      And where would that end?
      • RE: LulzSec: Is it too cocky for its own good?

        @archetuthus: Not something we're concerned about in the U.S.<br><br>They hack our business IT, they'll miss by 12,000 miles. It's in India.
      • LulzSec could be a Government/Miltary Trojan Horse for the Public


        You assume that all of this is not government sponsored (directly ir indirectly). Why would government sponsor something like this that would result in its exposing its own dirty laundry?

        For one the persons who would do this are not part of the public facade of government we see every day but are the real behind the scenes power brokers, the persons put in place by the elite and not the elected stooges or front men. These power men would most certainly do something like this as a way to justify to the public a heavy handed crackdown on internet use/access under the guise it?s to protect everyone from groups like lulzsec. Can you say ?Internet Kill Switch? ? I knew you could.

        And just in case some duped zombie tries to reply with ?That?s Just conspiracy theory? just keep in mind that more of the populace are wake today than ever and that we are on to the long running con game that the rich and powerful (the real rich and powerful and not the front men listed in Lifestyles of The Rich and Famous? have been playing with their hacks inside of government . In fact, the only people left who still believe the government is not willing to do this kind of corrupt action to grant it more power over the populace (and are willing to comment about that on the web) are the brain dead zombies plastered every night at prime time to Dancing With the Idiots and the pro-government hacks/operatives on the payroll of these elite who are working to down play comments from posters like this.
    • RE: LulzSec: Is it too cocky for its own good?

      Why don't these people put their knowledge to good use and find something constructive instead of destructive to do with it. Help people instead of hurting them. The recognition will be the same...perhaps even more because they will be remembered over time instead of forgotten in time.
      • RE: LulzSec: Is it too cocky for its own good?


        They are helping. They're exposing stupid network flaws and how lousy the IT security is. Unfortunately too many companies are buying some hollywood portrayal of hackers and thinking these are die-hard skilled criminals when in fact they're just really, really motivated trolls. These hackers aren't good, the companies' IT security is just plain BAD, and they need to stop THEIR cockiness and actually bother to fix it!
    • RE: LulzSec: Is it too cocky for its own good?


      Apache botnets? Apache is a webserver... Not botnet software. Maybe an exploit that can get you root on a machine to make it a part of a botnet is done through apache, or you use an apache exploit for XSS to get clients as drones... But without the qualifications I just added your statement makes no sense.
  • An easy way to bury bad news

    Yeah, the UK government has caught the ringleader just hours after news breaks of Lulzsec hacking and grabbing the 2011 UK census. Turning the top story from "UK gov bunch of useless sh**-sticks" into "Amazing UK government break hacking ring."

    Clearly just some poor devil who's been offered to the media as a distracting scapegoat.
    James Williams2008
    • RE: LulzSec: Is it too cocky for its own good?

      @James Williams2008 According to their twitter feed, they weren't the ones who hacked the census. And given how they appear to be in this mostly for the publicity, I imagine they'd lay claim to it if it was them.
      • RE: LulzSec: Is it too cocky for its own good?


        I think the point of scapegoating is that the accused tends to not be responsible.
    • RE: LulzSec: Is it too cocky for its own good?

      @James Williams2008
      Yep, the first question to ask is: where is the benefit? What on earth could a "hacker" benefit from the 2011 UK census data? Just as what on earth could a "burglar" benefit from the accounting books of a union, that got conveniently "stolen" just before an audit? Same fake intrusion story.
  • RE: LulzSec: Is it too cocky for its own good?

    yo's time to call upon Razor and Blade...Hack the Planet! :P
    • RE: LulzSec: Is it too cocky for its own good?

      Funny thing is I just watched that last night :)
    • Haha nice!

  • RE: LulzSec: Is it too cocky for its own good?

    Criminals like this need to all be taken out and executed for the good of society.
    • RE: LulzSec: Is it too cocky for its own good?

      @DaveMorris I agree. So should criminals who text while driving, because you know, that actually costs people's lives.
      • RE: LulzSec: Is it too cocky for its own good?

        So hackers never cost people their lives? Did you read about the hackers who change dosages at hospitals? And if hackers cost enough companies enough money, they lay people off and lack of money can also cost lives.
      • RE: LulzSec: Is it too cocky for its own good?

        @OldPoet: How about some accountability for companies who leave their software vulnerable to obvious exploits like SQL injection? Furthermore your argument is false for the most part because most businesses have business insurance.<br><br>By your argument any crime can cost a life, what you're doing is called a shell game. Robbing a house could cause someone who owns a company not to have enough money, and then lay off an employee to cover his losses, ergo that could cost a life. It's just asinine and a logical fallacy.<br><br>Obviously if a hacker changes someone's dose that's murder... But it's a lot different from stealing a list of email addresses and passwords and accordingly it's a murder charge. That's why we have separate crimes for separate actions regardless of the means. The means can determine one of the charges, such as unauthorized use of a computer system, but the other charge would be first degree murder.
      • RE: LulzSec: Is it too cocky for its own good?

        @snoop0x7b +1!