Lulz Security, commonly abbreviated as LulzSec, was a computer hacker group that claimed responsibility for several high profile attacks, including the compromise of user accounts from Sony Pictures in 2011.
The group also claimed responsibility for taking the CIA website offline. Some security professionals have commented that LulzSec has drawn attention to insecure systems and the dangers of password reuse. It has gained attention due to its high profile targets and the sarcastic messages it has posted in the aftermath of its attacks. One of the founders of LulzSec was a computer security specialist who used the online moniker Sabu. The man accused of being Sabu has helped law enforcement track down other members of the organization as part of a plea deal. At least four associates of LulzSec were arrested in March 2012 as part of this investigation. British authorities had previously announced the arrests of two teenagers they allege are LulzSec members T-flow and Topiary.
At just after midnight (BST, UT+01) on 26 June 2011, LulzSec released a "50 days of lulz" statement, which they claimed to be their final release, confirming that LulzSec consisted of seven members, and that their website is to be shut down. This breaking up of the group was unexpected. The release included accounts and passwords from many different sources. Despite claims of retirement, the group committed another hack against newspapers owned by News Corporation on 18 July, defacing them with false reports regarding the death of Rupert Murdoch. The group helped launch Operation AntiSec, a joint effort involving LulzSec, Anonymous, and other hackers.
Former members and associates
LulzSec consisted of seven core members. The online handles of these seven were established through various attempts by other hacking groups to release personal information of group members on the internet, leaked IRC logs published byThe Guardian, and through confirmation from the group itself.
Sabu – One of the group's founders, who seemed to act as a kind of leader for the group, Sabu would often decide what targets to attack next and who could participate in these attacks. He may have been part of the Anonymous group that hacked HBGary. Various attempts to release his real identity have claimed that he is an information technology consultant with the strongest hacking skills of the group and a knowledge of the Python programming language. It was thought that Sabu was involved in the media outrage cast of 2010 using the skype "lulzsecsabu" Sabu was arrested in June 2011 and identified as Hector Xavier Monsegur, a 28-year old unemployed father of two from New York’s Lower East Side. On August 15, he pleaded guilty to several hacking charges and agreed to cooperate with the FBI. Over the following seven months he successfully unmasked the other members of the group.
Topiary – Topiary was also a suspected former member of the Anonymous AnonOps, where he used to perform media relations, including hacking the website of the Westboro Baptist Church during a live interview. Topiary ran the LulzSec Twitter account on a daily basis; following the announcement of LulzSec's dissolution, he deleted all the posts on his Twitter page, except for one, which stated: "You cannot arrest an idea". Police arrested a man from Shetland, United Kingdom suspected of being Topiary on 27 July 2011. The man was later identified as Jake Davis and was charged with five counts, including unauthorized access of a computer and conspiracy. He was indicted on conspiracy charges on March 6, 2012.
Kayla/KMS – Ryan Ackroyd of London, and another unidentified individual known as "lol" or "Shock.ofgod" in LulzSec chat logs. Kayla owned a botnet used by the group in their distributed denial-of-service attacks. The botnet is reported to have consisted of about 800,000 infected computer servers. Kayla was involved in several high-profile attacks under the group "gn0sis". Kayla also may have participated in the Anonymous operation against HBGary. Kayla reportedly wiretapped 2 CIA agents in an anonymous operation. Kayla was also involved in the 2010 media outrage under the Skype handle "Pastorhoudaille". Kayla is suspected of having been something of a deputy to Sabu and to have found the vulnerabilities that allowed LulzSec access to the United States Senate systems. One of the men behind the handle Kayla was identified as Ryan Ackroyd of London, arrested, and indicted on conspiracy charges on March 6, 2012.
Tflow – (Real name: Mustafa Al-Bassam) The fourth founding member of the group identified in chat logs, attempts to identify him have labelled him a PHP coder, web developer, and performer of scams on PayPal. The group placed him in charge of maintenance and security of the group's website lulzsecurity.com. London Metropolitan Police announced the arrest of a 16-year-old hacker going by the handle Tflow on 19 July 2011.
Avunit – He is one of the core seven members of the group, but not a founding member. He left the group after their self-labelled "Fuck the FBI Friday". He was also affiliated with Anonymous AnonOps HQ.
He is the only one of the core seven members that has not been identified.
Pwnsauce – Pwnsauce joined the group around the same time as Avunit and became one of its core members. He was identified as Darren Martyn of Ireland and was indicted on conspiracy charges on 6 March 2012. The Irish national worked as a local chapter leader for the Open Web Application Security Project, resigning one week before his arrest.
Palladium – Identified as Donncha O'Cearbhaill of Ireland, he was indicted on conspiracy on 6 March 2012.
Anarchaos – Identified as Jeremy Hammond of Chicago, he was arrested on access device fraud and hacking charges. He was also charged with a hacking attack on the U.S. security company Stratfor in December 2011. He is said to be a member of Anonymous.
Other members still may be active as to this time, they will not be identified.