Security firm Imperva said Tuesday it has assembled a profile of the activities of hacker group LulzSec and may have identified some members of the group, according to The Guardian.
Imperva claims that there are 10 or fewer hackers within LulzSec, a group that seems to have spun off from Anonymous, another high-profile hacker group. The group uses web vulnerabilities to attack sites with SQL injection attacks and distributed denial of service attacks (DDoS), the report said. One of the hackers also owns a botnet — a massive army of slave computers — that could be used to conduct a DDoS attack. The Guardian also published several handles of the hackers that the security firm identified as members of LulzSec.
LulzSec and Anonymous recently launched “Operation AntiSec,” a call to arms asking hackers everywhere to attack government websites and deface them. It also marked the first time that LulzSec publicly cooperated with Anonymous. The two groups have been at odds since LulzSec began attacking several video games and publicly taunting 4chan.org users.
An upload Monday to Pastebin, a site for posting anonymous documents, claimed that LulzSec had acquired the UK Census records and was “keeping them under lock and key.” The group quickly denied that it was involved in the attack. The same day that the group denied the attack, Ryan Cleary, a 19-year-old UK man, was arrested for his suspected involvement with LulzSec.
LulzSec said it is hacking websites like CIA.gov for fun, rather than for political reasons. The group also said there was a lot of information, taken from the networks it had broken into, that the group had not publicly released. It has released a lot of sensitive data and passwords taken from users of various sites like CIA.gov.
LulzSec said it came from the same core group of hackers that would go on to become known as Anonymous. LulzSec’s attacks also bear an increasing resemblance to those made by Anonymous. For instance, Anonymous regularly takes up political causes, and a recent attack on Senate.gov is one of several politically-motivated attacks the LulzSec team has executed.
LulzSec previously broke into the Sony Pictures site and invited readers to “plunder those 3.5 million music coupons while they can.”It also said it was targeting Sony in retaliation for how it handled the downtime of its PlayStation Network after it was forced to bring down the service and beef up security after an attack by an as-yet unidentified hacker group. Members of the LulzSec group were also able to break into the PBS site recently and post a fake story saying that rapper Tupac Shakur was still alive.