Hacktivists and Information Security Professionals could not believe their eyes while reading the breaking news published by Fox News, according to which the infamous Sabu, the alleged leader of the LulzSec collective, has been secretly working for the government for months and played a crucial role in the raids which today led to the arrests of three members of the infamous hacking collective, with two more charged with conspiracy.
You will probably remember that the hacking collective which, in its “50 days of Lulz”, became the nightmare of System Administrators and Law Enforcement Agencies all over the globe, suddenly decided to give up, on June 25th, in a completely unexpected way, leaving their supporters and followers completely surprised, but also leaving the legacy of a name which has become a synonym for hacktivism (also because of their pact with Anonymous, with whom they are often associated, in the name of the #Antisec movement).
Even after the group left the scene, Sabu continued to tweet constantly and comment on the events through his “official” Twitter account @anonymouSabu, probably a fake or a diversionary tactic, since it appears that Sabu had already been arrested by the FBI on June 7th, more than a couple of weeks before the breakup of the group.
At that time, the hacking group was hunted by Law Enforcement Agencies and by several Grayhats as well (among them @th3j35t3r, the A-Team and Web Ninjas, whose blog, lulzsecexposed.blogspot.com, unfortunately is no longer available).
Curiously, it appears that Sabu had already been “doxed” by then. At that time many claimed to have revealed the identity of the members: there was no day without a new pastebin promising to expose new information. But if you have a look at them, they all have only one thing in common, and it is just the identity of Xavier Monsegur (or Montsegur), also known as Sabu. The truth was very close and before everybody's eyes: on pastebin.
June, 28th 2011: http://pastebin.com/qmP7R49Y
The real identity of the other members is still not completely known, but for sure it is not a coincidence that none of the pastebins was able to guess anyone else except Sabu, who hence was the first to be arrested, well before the rest of the group.
Like the rest of the information security world, I have been impressed enough by the 50 days of Lulz. Even if one agrees with the detractors who claim that, after the first PSN hack, the LulzSec releases are of poor quality, it is unquestionable that the crew of the Lulz boat has contributed to making the world aware, although with controversial methods and purposes, of the risks of data security. Moreover, the list of their targets shows that this applies both to private and public institutions: from corporations to governments.
However, there is another aspect I was particularly impressed by, and it was the war fought behind the scenes between the bad guys (the LulzSec team) and the good guys, with two main characters: an ethical hacker and former military man called @th3j35t3r (already known also for hacktivism) and a team of web sentinels who called themselves Web Ninjas.
Since other characters played a primary role in this modern war as well (@on3iroi and a group called the A-Team), making the timeline and the scene of the crime even more complicated and intriguing, I tried to collect all the possible information and references in the picture below. The whole story looks like a mix between a spaghetti western in modern sauce and a spy story (probably Hollywood scriptwriters should consider it for a movie).
What was the most impressive aspect in my personal opinion? For sure the use of social media for intelligence purposes. Have a look at the way the first member of the LulzSec team, Nakomis, was unmasked by @th3j35t3r. It is Social Espionage, isn’t it?
Somewhat unexpectedly, after 50 days of apparently unstoppable chaos, the LulzSec hacker group decided to haul down the flag of war and navigate to calmer shores, in which they will likely not attack other vessels in the sea of the Internet.
The alleged dissolution of the group, which led the cyber-attacks against the CIA, U.S. Senate, Nintendo, Sony, SOCA, NATO and others, was announced in a statement entitled “50 days of lulz”, in which the group took responsibility for the events, reviving the glory days of the AntiSec Movement, while claiming not to be permanently tied to the identity of LulzSec.
For the past 50 days we’ve been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could. All to selflessly entertain others – vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love. The raw, uninterrupted, chaotic thrill of entertainment and anarchy. It’s what we all crave, even the seemingly lifeless politicians and emotionless, middle-aged self-titled failures. You are not failures. You have not blown away. You can get what you want and you are worth having it, believe in yourself.
Probably this decision was also a consequence of the increasing attention attracted by the group, not only from the CIA and FBI (which arrested an alleged 19-year-old member of the group, Ryan Cleary, whose real involvement, however, is yet to be shown), but also from other hackers: @th3j35t3r, @On3iroi, Web Ninjas and Warv0x (who hacked PBS a second time, just to show that “…LulzSec are just a bunch of script kiddies…”). Against those, in the last days, LulzSec was fighting a war with no holds barred, as in a modern cyberversion of a spaghetti western: on one side the so-called good guys trying to unmask the identity of the bad guys with IRC log leaks, DDoS attacks and anti-LulzSec PHP scripts; on the other side the bad guys claiming the futility of enemy attacks, their poor detective capabilities, and also their “horrible coding” (read this pastebin with the LulzSec fixed version of the PHP script used to scan their domains). At this link, the possible identities of the LulzSec members.
As their last goodbye, LulzSec released a final torrent with data taken from AOL, AT&T, NATO & others.
The motivations of the group can be shared or not, but one thing is certain: the ease with which classified information has been leaked should make us think…