
June 23, 2011

Doxing: LulzSec under attack from hackers, law enforcement


Hacking group Lulz Security has found itself coming under attack from all angles, drawing unwanted attention from both law enforcement and other hacker groups. Though the group's antics have won it many fans who appreciate LulzSec's anti-establishment leanings, they've also earned plenty of enemies, and those enemies have started to fight back. So far, they've posted LulzSec's "dox"—the names, pictures, and addresses of the people claimed to be the ringleaders of the group.

Since LulzSec first gained prominence, pro-US hacker th3j35t3r ("The Jester") has worked to uncover their identities and embarrass them. th3j35t3r, who has made a name for himself by knocking pro-jihad Web sites offline, has butted heads with Anonymous in the past, opposing the faceless collective's support for WikiLeaks. He worked to disrupt the activities of the AnonOps faction—taking servers offline and revealing names of the participants. With many of AnonOps' key players moving on to form LulzSec, th3j35t3r's focus has shifted accordingly.

th3j35t3r is staunchly pro-establishment, regarding the LulzSec Distributed Denial of Service attacks on the CIA Website as terrorism, LulzSec members as bullies, and those who have suffered from LulzSec's antics as victims.

Another group claiming to side with LulzSec's victims and oppose LulzSec's campaign against security organizations is "Web Ninjas". Web Ninjas have posted chat logs and dox of a number of alleged LulzSec members.

LulzSec has also been taking heat from the anti-establishment side of the fence, represented by TeaMp0isoN_. TeaMp0isoN_ members don't care about the victims, don't deny their blackhat status, and don't like law enforcement or security companies. Instead, they're motivated by disdain for LulzSec's methods and public profile—they think that LulzSec are "scene fags." LulzSec's tools have been simple SQL injection and Local File Inclusion vulnerabilities, and botnet-powered Distributed Denial of Service attacks: in TeaMp0isoN_'s view, this is not enough to earn the label hacker.

Beyond publishing information about LulzSec team members, TeaMp0isoN_ defaced the Web site of LulzSec and AnonOps participant joepie91. joepie91's relationship with LulzSec and AnonOps has long been something of an oddity; he's open about his participation in the groups, but continues to argue that he does nothing more than talk, and takes no active role in these groups' illegal activities. Whether active or passive, TeaMp0isoN_ plainly regard him as fair game, and doxed him on Twitter.

Meanwhile, LulzSec has been doing some doxing of its own. In the immediate wake of the arrest of British teenager Ryan Cleary, LulzSec claimed he had nothing to do with their group; that position was later softened, with the acknowledgement that Cleary operated an IRC server that LulzSec uses. Claiming that "snitches get stitches", LulzSec then doxed a couple of individuals whose leaks of private chat logs and other incriminating data apparently led to Cleary's arrest.

Law enforcement agencies aren't standing still, either. After his arrest on Monday night, British teenager Ryan Cleary has been charged by police with creating and operating a botnet and performing Distributed Denial of Service attacks against the Web sites of the Serious Organized Crime Agency (SOCA, the UK's closest counterpart to the FBI), the International Federation of the Phonographic Industry (IFPI), and the British Phonographic Industry (BPI). He faces a custody hearing tomorrow morning.

For the time being, LulzSec appears to be shrugging off the attacks, continuing to laugh, at least in public, at its accusers. The group promises that it will be publishing more stolen documents on Friday: the first fruit from its "Anti-Security" venture, in which it has sought to attack and embarrass computer security companies and law enforcement agencies.