Update: After receiving some emails and comments, I'm compelled to mention the claim that LulzSec was intentionally baiting the individual mentioned in this post, Karim, to see if he would "sell out." So take that into consideration when reading the article below for balanced perspective. Last of note is that my post is not in support of "th3 j35t3r;" he's merely one of the few having a go at LulzSec in the fashion he is. One of the more notable individuals interested in the demise of LulzSec is known as "th3 j35t3r." His Twitter stream is rife with taunts and information he feels will all ultimately lead up to the capture of those operating the lulz boat. Up to this point, LulzSec has claimed they do what they do simply for the lulz, but the following tweet by "th3 j35t3r" points to a different motive: money.
Following the link provided, we are taken to the Web site of one Karim Hijazi, CEO of Unveillance. Karim's company is a private botnet monitoring service whose primary function is to identify and confirm botnet infections in computer networks. (A botnet is essentially a network of computers that have all been compromised to serve a common malicious purpose.) On June 3, 2011, Karim posted a press release on his site which contained a conversation he had with members of LulzSec after they targeted him. Part of the discussion reads as follows:
(KARIM) So did we wrong you in some way, let’s get to the point? (LULZ) <@Ninetales> If you wronged us, all of your affiliates would be crushed. Don’t worry, you’re in the good books. The point is a very crude word: extortion. (LULZ) <@Ninetales> And what we’re both willing to agree upon that you sacrifice in return for our silence. (LULZ) <@Ninetales> While I do get great enjoyment from obliterating whitehats from cyberspace, I can save this pleasure for other targets. Let’s just simplify: you have lots of money, we want more money. (LULZ) <@Ninetales> Prepaid Visas, MoneyPaks, BitCoins, Liberty Reserve, WebMoney, the flavor of your choice. Naturally we’ll avoid PayPal.In other words, "pay up or we leak personal information of yours onto the Internet." Karim concludes his press release with the following details which shed more light on his involvement with the situation:
1. I have been able to protect the sensitive data which LulzSec was ultimately after. All they have stolen and publicly dumped are my personal and work emails. 2. I am now, and have been, in full cooperation with the FBI. In fact, I contacted the FBI and US-CERT immediately after I began receiving threats from LulzSec to request their assistance – and to explain the nature of the threat. I offered my full cooperation to the FBI in an effort to rectify the situation. 3. Unveillance is not a security company. We are a private botnet monitoring service – and a good one, which is why we were targeted. I do not provide security services to other companies. What I do provide clients with is the first zero false-positive analysis tool for identifying confirmed botnet infections in their computer networks. 4. I am not surprised by this attack; or the information dump on me; or their slanderous statements against me and my company. This is precisely what they threatened me with – in addition to other things, including allusions to physical harm to me and my family – if I did not cooperate with their demands. 5. I do not regret refusing to cooperate with LulzSec. My data is of national security importance. I could not and cannot, in good conscience, agree to release my botnet intelligence to an organization of hackers.That's quite a bit to digest for someone who is but one more victim of a rogue hacker group supposedly doing it for the lulz. But recent activities of LulzSec's serve to show that they now have a purpose beyond lulz or money: disrupting governments and high-end establishments. It's obvious they want to build up as much computing power as they can with which to attack servers, as well as build up funds with which to use for either personal or organizational gain. Whatever the case may be, suffice it to say that LulzSec becomes a decreasingly appropriate moniker for the rogue hacker group as they steadily move away from "lulz" and more towards causes that require funding (even if the cause itself is simply to make money) -- such as toppling government rule or exposing top-secret/classified documentation/information. On a personal note, I'm very surprised it has taken this long for movements like LulzSec and Anonymous to form and go about the actions they have thus far -- especially given the level of success these people have enjoyed with their exploits. Make no mistake, this stuff is easy for these people, and it will only get easier as terrorist organizations, hacktivists, and anti-U.S. governments figure out that they can use Anonymous as a safe house to hide their digital attacks behind. So while nothing severe has happened in the way of affecting the U.S. Government yet, these movements seem to have a resolve sincere enough to do so at some point. And with LulzSec now branching out into various region-specific sects, governments are being attacked at an alarmingly frequent rate. The race is on: governments vs. LulzSec and Anonymous. -Stephen Chapman SEO Whistleblower