Friday, June 17, 2011

LulzSec – The Lulz-Focused Hacktivist Successor to Anonymous

lulzsec-307x285Shh. No, really. Quiet down. If anyone finds out I’m writing this, this website may cease to exist – for a few hours, anyway.

I want to talk to you about LulzSec. Yes, that LulzSec. Shhh! If they hear us, they’ll shut us down. They’ll use their network of botnets and whatever-the-hell-else-they-use to slam the site with traffic. They’ll find our phone numbers and unleash outdated auto-dialing machines to tie up our phones like that episode of The Simpsons.

Why? Why would they deliberately screw with strangers on the Internet, potentially damaging digital commerce and divulging private information?

For the lulz.

Anonymous Who?

It seemed only yesterday that everyone was discussing Anonymous, the Internet hacker group responsible for numerous acts of “hacktivism” over the last few years. Most recently, they were linked to the massive breach of Sony’s PlayStation Network, the release of documents from Bank of America, and several large-scale distributed denial of service (DDoS) attacks in support of WikiLeaks and its founder Julian Assange.

While their methods are undeniably questionable and their birthplace – 4chan – a seething hive mind of Internet delinquency, Anonymous espouses unequivocal freedom of information. Any fact that exists should be publicly known, regardless of whose interests its secrecy protects. Agree with them or not, at least they have clear goals.

mos-eisley-panorama
It's old wisdom, I know, but 4chan is the Mos Eisley of the Internet.

The problem with Anonymous is that it’s just that: anonymous. Even WikiLeaks, for all its shadowy behavior and underground server lairs, has a recognizable figurehead in Assange. Messages from Anonymous “leadership” cannot be verified as such. Case in point: amidst the attack on PSN, some claimed victory for Anonymous; others disavowed any connection between Anonymous and the attack.

This breakdown of power makes Anonymous dangerous, but it also prevents them truly unifying under one banner.

Enter LulzSec

Where to begin? The name, I suppose. Internet veterans may remember – and even still use – LOL as an Internet acronym for “laugh out loud” (despite us rarely ever laughing out loud, blah blah blah, we’ve all been on the Internet since AOL). The advent and subsequent running-into-the-ground of LOLCats combined with general Internet insularity gave birth to lulz. Put simply: an acronym (LOL) became a noun (lol pronounched “lahl” or “lul”) which became a weird meme thing (lulz).

LulzSec is abbreviation for Lulz Security. This may be a sly reference for an area of the MMO/alternate-Randian-space-society EVE Online called NulSec, itself an abbreviation for Null Security. Confused? Here’s a statement from the LulzSec homepage:

“Hello, good day, and how are you? Splendid! We're LulzSec, a small team of lulzy individuals who feel the drabness of the cyber community is a burden on what matters: fun. Considering fun is now restricted to Friday, where we look forward to the weekend, weekend, we have now taken it upon ourselves to spread fun, fun, fun, throughout the entire calender year [sic].”
That’s right. Their “mission statement” references Rebecca Black’s “Friday”. That’s like the SPCA sprinkling theirs with lyrics from Rick Astley’s “Never Gonna Give You Up”. And that’s not the weirdest part. The LulzSec website plays the theme song to Love Boat, and they offer alternate “Lulz Boat” lyrics to sing along with.
“Lulz, exciting and new,
come aboard, we're expecting you.

Lulz, life's sweetest reward,
let it flow, it floats back to you.

The Lulz Boat soon will be making another run
The Lulz Boat promises something for everyone.”

NyanCatCompounding the bizarre world of LulzSec is NyanCat, the Internet meme that rainbow-rocketed its awful way into existence not long before LulzSec’s came into proper existence. As if we needed another reason to distrust them, LulzSec latched onto NyanCat. He cropped up in many of the group’s early statements. The background to the NyanCat video is displayed on the LulzSec site and Twitter page.

NyanCat, “Friday”, the Love Boat song: it all perpetuates LulzSec’s reputation as agents of Internet chicanery rather than Internet criminals. That ethos almost makes them more dangerous. No one can know what will amuse them next. Anonymous at least has stated goals. LulzSec is its more radical, clownish descendant.  If they were Batman villains, Anonymous would be Ra’s al Ghul, LulzSec the Joker.

So…They’re Dangerous?

This week, LulzSec embarked on Titanic Takeover Tuesday. Rather than continue to hack servers and release long unintelligible (to the layman, anyway) text files, they launched a salvo of DDoS attacks around the Internet.

Like some kind of egomaniacal supervillain blowing up cows with his mind to prove his strength, LulzSec took down The Escapist Magazine, only to tweet later that the attack only required “0.4% of [its] ammunition.” Games including EVE Online, Minecraft, League of Legends, and Heroes of Newerth were all similarly attacked.

LulzSec then rallied its lulz-loving troops for some good old-fashioned switchboard clogging. They invited their Twitter followers to call a number, which was rerouted to the offices of Blizzard Entertainment and a Detroid FBI office, among others.

Topping it all off was the takedown of the CIA’s website, a move more in line with LulzSec’s previous attacks on PBS and the security firm HBGary. They are, after all, a descendant of Anonymous, and some of the biases regarding WikiLeaks and Bradley Manning remain.

This is, of course, just LulzSec’s most recent activity. Nintendo, Sony, FOX and others have all be subject to security breaches and DDoS attacks courtesy of LulzSec. The recent release of some 60,000 usernames and passwords has many understandably worried, and The Next Web has chipped in to help people see if they’ve been compromised (there’s no way of knowing the veracity of this stuff, but whatever helps you sleep at night, I suppose).

ServerRoomFireWeb
A literal server meltdown

In the world of hacking, LulzSec operatives wear grey hats. They aren’t noble hackers working for corporations to improve their security (white hats) or pure malicious codebreakers out for personal gain (black hats). Their gain is lulz. Their mission is exposing weaknesses.

Writing for PC World, Tom Bradley argues, without actually supporting LulzSec in any way, that “the LulzSec attacks are raising awareness of a serious issue with network and data security, and the entire Internet will hopefully evolve and be stronger as a result.” It’s his belief that these attacks couldn’t be so frequent and easy to pull off if the mean level of Internet security were higher.

I can see his point. If some sites go down for a few hours only to come back stronger and more secure, that’s fine. But I worry.

I worry about the leaks of information. I worry that as Anonymous members are rounded up, LulzSec’s activity will increase exponentially. I worry about the group’s decentralized nature and its gleeful mockery of our peace of mind. I fear this will spiral out of control into some sort of Barnhouse effect: that a group like LulzSec will become so powerful and so quick to act, that merely thinking of a website will bring it to its knees.

Are you still reading this? Good. That means they haven’t atta----