Well-known Internet mayhem group LulzSec recently announced to its followers that it will cease its campaign of web-based attacks. The group implemented numerous DDoS (Distributed Denial of Service) attacks on a variety of targets during its 50-day spree of chaos. Many of the attacks were a result of poor security measures.
Utilizing Twitter Feeds
Ironically, the group left numerous tips on its Twitter feeds for its victims. For instance, when Fox Broadcasting was attacked, LulzSec released a Twitter update stating, “Don’t use the same password twice. Your laziness will not end well.” Another guideline announced was to not using prepaid credit cards to conduct online purchases. The slew and successful hit of targets included giant conglomerates, law enforcement agencies, governmental organizations, television networks and ATMs.
The Goal of the Mayhem
LulzSec stated in the letter that their goal was to have fun, entertain other followers and share “lulz.” During the period from May 6th, 2011 to June 26th, 2011, the group left information technology experts wondering who they will be attacking next.
One of the first attacks conducted by LulzSec occurred on May 6th, 2011. The group targeted the Fox.com website due to a leaked database of X-Factor contestants. LulzSec also defaced 14 LinkedIn accounts of Fox Broadcasting employees.
Through the 50-day period, the group harvested 3,133 individual bank account details from ATMs in England which were posted on Twitter and Pastebin. The details included machine identification number, latitude and longitude, the address, company owner and transaction amounts recently made.
Next on their list was the PBS.org website in which the group posted a fake story claiming the dead rapper Tupac Shakur was still alive in New Zealand. Also, many passwords were stolen and a number of web pages defaced. The attack was in response to a documentary on Julian Assange which displayed him in a negative light.
Sony PlayStation Network
The Sony PlayStation Network was the next target due to the lack of security measures. LulzSec stole information from 1 million user accounts to prove the company did nothing to improve their security. Other hacker groups condemned LulzSec from exposing the user data which could have led to identity theft.
The most interesting aspect of the group was their telephone hotline. By dialing 614 LULZSEC, angry callers could request a target to be DDoS’d. During its reign, the group missed more than 5,000 calls and had over 2,500 voicemails. Additionally, the group redirected phone numbers to World of Warcraft customer service, a hosting company and FBI office in Detroit. LulzSec proved their point by wreaking havoc on Internet companies and groups that they simply did not like.