Are we really living in a post-LulzSec world?

It's only a matter of time before the group re-emerges say experts

Black hat hacker group LulzSec may have announced that it is ceasing operations after 50 days of attacks on companies such as Sony but the group still retains vast amounts of stolen data. Security experts are divided as to whether the scale of the attacks means companies are not merely dealing with 'script kiddies' — a term for hackers who use 'off the shelf' code and simple methods for discovering exploits — or sophisticated cybercriminals.

So is the re-emergence of LulzSec inevitable where does this leave Anonymous, which the group recently teamed up with to target banks and government organisations in an 'anti-sec' operation?

A Twitter account associated with Anonymous recently tweeted that there will still be `Lulz aplenty' and indicated it is now planning an attack on US agricultural seed and chemical company, Monsanto, which also has an Australian operation. The attack, according to Anonymous is a response to Monsanto's use of growth hormones in seeds in North America.

"We're going to hit MonsantoCo with something a little bit more serious than a distributed denial of service [DDoS] attack this time. F**k em," read the tweet.

Pure Hacking chief executive officer, Rob McAdam, told Computerworld Australia that he does not believe that LulzSec was as well organised as some other hacking entities the white hat hacker company has monitored and that, unsurprisingly given its name, the group was in it "for the laughs".

"In line with their agenda LulzSec targeted the most significant profiles that they could to in turn raise their profile in the shortest time frame possible," says McAdam. "I certainly don’t believe that every corporation they targeted, they successful breached the network security."

In fact, he says there are probably quite a few targets the group went after that the public would never hear about because "there is no significance in a failed attempt."

While getting "15 minutes of fame" was great for the group's ego, he says it broke a number of laws and it was only a matter of time before the Federal Bureau of Investigation (FBI) caught up to them.

"Once they realised that the authorities were serious about prosecutions, the threat of a criminal record outweighed the infamy of it all," says McAdam.

"Hardcore hacker groups that derive their income from breaking the law don’t fear going to jail; for them the risk is all part of what they do. LulzSec has rightly decided to avoid going to jail at all costs and the fear of this happening has put everything into perspective for them."

On the question of where this leaves Anonymous, McAdam says that only the group itself could answer that. "The drive to pull back from hacking activities at this point has come from LulzSec but it is just one of many disparate groups with self imposed mandates. A similar organisation to LulzSec emerging? It’s a given," he says.

In contrast, M86 Security vice-president, Jeremy Hulse, says LulzSec are sophisticated and used a number of techniques that allowed them to get through corporations' cyber defences. While some of the tools they used are available on the Web, he says the group was very capable when it came to finding weak spots.

"They were behaving like script kiddies, but, to be fair, I think some of these organisations such as Sony had some basic vulnerabilities."

While Hulse says he does not support LulzSec's actions, he concedes that the group has drawn attention to people's tendency to become blasé about security until something happens.

"What they've done is the wrong way to educate people but it is a short, sharp shock to a lot of businesses that they do need to look at these things so from that respect it has had an effect," he says.

"LulzSec have said they are going to stop because they've made their point. Whilst they were doing that, what else was been done in the background? If I wanted to take attention from other activities I was doing, the perfect way to do that would be to announce all these other hacks."

He also doubts that people with the group's level of capability would simply disappear back underground.

"You think about the places LulzSec have hit and the information they've taken. We don't know all of what they have but it includes credit card details and emails. They probably don't need to keep hacking."

Hulse also warns that the group is unlikely to tell anyone what they are doing now.

"Any access to hacks they've done, they will change their methods completely so anyone searching can't track them down. If they get caught it will be on the script kiddie side of things."

According to Hulse, there are only two reasons why people hack — the first is for the money and the second for the fame.

"It's like an addiction for these guys; they will keep doing it. They may take the attitude that 'We told you to that you should look at your security so now we are going to make you pay in a different way.' "

Looking at the future, he says better antivirus signatures needed to be developed as some signatures were now 20 years old. The International Monetary Fund is believed to to have been a victim of phishing, resulting in large amounts of data being stolen.

"We do have to look at different techniques and technologies because we can't rest on old technology. If organisations can get to the mindset of looking to the future, they will be better protected."

"Companies also need to have constant reflection on themselves and what they are doing," says Hulse. "That constant analysis of security is critical and if they don't have a program, than these hacks will continue."

Hulse also warns that Anonymous arguably poses a greater threat than LulzSec, as its members are capable at not only getting into systems but also at covering their tracks after exiting a system.

Sophos Asia Pacific head of technology, Paul Ducklin, says the only silver lining from LulzSec was that companies who saw security as just another IT cost were forced to take notice. However, he says, this does not justify the group's actions.

"Their motivation always seemed to be that it was tremendous fun [to hack companies] but there are a number of companies in both Australia and New Zealand, where there are no mandatory disclosure laws, that are saying 'I see security as a cost, not a value, and I'm going to try to minimise the amount that I spend and brush it under the carpet'"

"If you've been one of those people hiding behind the dark glasses, the glasses should be off by now and your moment of certainty that you are at risk has come," says Ducklin

"It should have come long ago but it has now come."

He also warns that people should not believe anything LulzSec tweets or issues in press releases because the group was notorious for issuing false information.

"We seem to be rushing to believe the things they have said that are handy to believe. I don't know why you would because stealing data and publishing it is a criminal matter in most countries," he says.

Got a security tip-off? Contact Hamish Barwick at hamish_barwick at

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU

Join the CSO newsletter!

Error: Please check your email address.

Tags securityLulzsec

More about etworkFBIFederal Bureau of InvestigationInternational Monetary FundM86PurePure HackingSonySophos

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Hamish Barwick

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place