LulzSec Hackers' Ambitions Grow As Group Targets Secret Government Data

By Jim Finkle and Marius Bosch

BOSTON/JOHANNESBURG, June 21 (Reuters) - The Lulz Security group of rogue hackers is threatening to steal classified information from governments, banks and other high-ranking establishments, in what would be an escalation of its cyber attacks.

So far LulzSec's publicized assaults on Sony Corp (6758.T), the CIA, News Corp's (NWSA.O) Fox TV and other targets have mostly resulted in temporary disruptions of some websites and the release of user credentials.

But now, LulzSec says it is teaming up with the Anonymous hacker activist group to cause more serious trouble.

"Government hacking is taking place right now, behind the scenes," LulzSec said on Monday in a message posted on Twitter, the microblogging site where the group has cultivated more than 240,000 followers.

U.S. government authorities, including the FBI, declined to comment on their efforts to combat LulzSec and Anonymous.

But in what could be a sign that cyber police are making progress toward shutting down LulzSec, British police said on Tuesday that they had arrested a 19-year-old man on suspicion that he was connected to attacks on Sony, the CIA and a British police unit that fights organized crime. [ID:nLDE75K1Q4]

London police declined to say if the teenager was a member of LulzSec, but the hacking group said via Twitter that he had hosted one of its chatrooms on his computer server. The arrest comes after Spanish police earlier this month apprehended three men on suspicion they helped Anonymous

JUST FOR LAUGHS?

LulzSec had said last Friday that it hacks to have fun and to warn people that personal information is not safe in the hands of Internet companies. But two days later, LulzSec said its top priority was to leak "classified government information, including email spools and documentation."

LulzSec, whose hacks started to hit headlines last month, has published the email addresses and passwords of thousands of alleged subscribers to porn sites, it temporarily took down the public website of the CIA, and it published data from internal servers of the U.S. Senate. [ID:nN1E75J1ZL]

Security experts who have researched LulzSec's origins say it emerged from Anonymous, which became famous for attacking the companies and institutions that oppose WikiLeaks and its founder, Julian Assange. Anonymous also attacked Sony and governments around the globe that it considered oppressive.

LulzSec's members are believed to be scattered around the world, collaborating via secret Internet chat rooms. Suspected leaders include hackers with the handles Kayla, Sabu and Topiary, security experts say.

Bruce Schneier, a security technologist who studies cyber attacks, said he believes LulzSec members are not hardened criminals but are "a bunch of guys who met in a chat room, plus everyone else who thinks it would be cool to take on that name."

"They're not going to do any damage. They're just out having fun ... they'll probably never be tracked down," he said.

The group's name is a combination of lulz, which is slang for laughs, and sec, which stands for security.

"You find it funny to watch havoc unfold, and we find it funny to cause it," LulzSec said in a statement posted on its website, www.lulzsecurity.com, last Friday to mark its 1,000th Tweet. "We release personal data so that equally evil people can entertain us with what they do with it."

JUST FOR LAUGHS?

LulzSec's new campaign to steal sensitive government data may signal that it is getting more ambitious.

But so far, LulzSec has not implied that it was looking to profit financially from hacks, nor has it acted as a gun for hire willing to break into any network for a price.

In fact LulzSec turned down a potential reward from a security firm, Berg & Berg, that had offered $10,000 to anyone who could change a picture on its website. LulzSec did it, and left a message to say the task was easy. "Keep your money, we do it for the lulz."

The group's unpredictable nature can make for interesting drama. It openly discusses whom it should attack, welcomes debates with its Twitter followers, and set up phone hotlines in Europe and the United States for people to call in with suggestions.

Last week, LulzSec bragged that it had shut down the websites of some video game companies, broken into the servers of others, and had stolen the personal data of about 200,000 players of the online video game Brink.

But when the group learned that other hackers had stolen data from Japanese video game developer Sega Corp, it offered to punish them in a message that suggested LulzSec leaders might be among the loyal fans of Sega's Dreamcast console, which was discontinued a decade ago.

"Sega - contact us," LulzSec said in its Tweet. "We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down." [ID:nN1E75H04I]

FROM GERMANY TO THE BAHAMAS

LulzSec's has published reams of stolen data on its website, registered in the Bahamas, according to public records.

For a while, it conducted planning sessions using a secret chatroom known as a "Pirate Pad" that ran on a hacked server belonging to the German Pirate Party, according to a security investigator.

Authorities found that secret chatroom and shut it down last month by confiscating the server, said the investigator, who did not want to be identified as he was still trying to infiltrate the group by posing as a hacker.

Meanwhile, opponents of LulzSec released information last weekend that was allegedly taken from the group's computer system -- an embarrassing development given that LulzSec has said organizations with weak security deserve to be hacked.

A hacker group called Team Web Ninjas started a blog to expose LulzSec. It released what it said were logs of conversations from a private LulzSec chatroom and provided names of alleged leaders.

LulzSec's Tweets are sometimes funny, often sarcastic and occasionally laced with profanity. It recently claimed that some followers were able to use account data that it released on the Web to break into a Facebook account. The site has not commented on the matter.

"Watching somebody's Facebook picture turn into a penis and seeing their sister's shocked response is priceless," LulzSec said in one Friday Tweet. "This is the Internet, where we screw each other over for a jolt of satisfaction ... There are peons and lulz lizards; trolls and victims."

(Editing by Tiffany Wu, Dave Zimmerman and Steve Orlofsky)

((jim.finkle@thomsonreuters.com; + 1 617 856 4344; Reuters Messaging: jim.finkle.reuters.com@reuters.net)) Keywords: CYBERSECURITY LULZSEC/

(C) Reuters 2011. All rights reserved. Republication or redistribution of Reuters content, including by caching, framing or similar means, is expressly prohibited without the prior written consent of Reuters. Reuters and the Reuters sphere logo are registered trademarks and trademarks of the Reuters group of companies around the world.

Copyright 2011 Thomson Reuters. Click for Restrictions