Chapter 2: LulzSec’s Motivations

Determining what motivated LulzSec to unleash its series of hacks in the summer of 2011 was a difficult process. Debate still continues on just how serious LulzSec’s attacks were.

Part of the group’s name is a play on an Internet acronym. The term Lulz is a phonetic spelling of the Internet term LOLs, which is short for laughing out loud. (en.wikipedia.org/wiki/LOL)

Multiple posts stating LOL might be made on an Internet message board or on Facebook. Most of the time, LOLs are used when an Internet prank is particularly successful. Because many of the LulzSec attacks had a humorous or prank-like slant, they might have generated many LOLs from the group’s members and fans, hence the name.

The term Sec is short for security. Computing, network, and Internet security personnel often shorten security to sec in everyday conversations. However, the group does not always use sec. In fact, the group’s Web site – www.lulzsecurity.com – spells out security in its entirety.

When you combine the two terms, you end up with LulzSec. The term could be read as laughing out loud at security. The group created a motto – Laughing at your security since 2011! – that continues this theme.

You can read more about the group’s motto, and a famous attack against PBS, at: www.stuff.co.nz/entertainment/music/5079309/Hackers-claim-Tupac-alive-in-NZ.

By including the idea of laughing at victims in its name, some people labeled Lulz Security’s members as pranksters. The group, at times, did not appear to be serious hackers bent on causing destruction and significant financial losses. Security personnel pointed at the group’s unsophisticated methods of attack as another sign that its members were little more than pranksters posing as serious hackers.

The group’s behavior at times seemed to strengthen this argument. Lulz Security has never listed one specific motivation for the attacks. In its various statements, LulzSec used humor, political statements, revenge against other hackers, calling attention to lax security, and support for WikiLeaks director Julian Assange as explanations for its motivation behind its attacks.

To learn more about Julian Assange, visit here: www.guardian.co.uk/media/julian-assange.

Lulz Security usually claimed credits for its attacks using Twitter, which isn’t the most serious form of communication. Using Twitter added to the general feeling that the group was pulling pranks.

Visitors to the LulzSec Web site were greeted with the theme from the 1980s television show, The Love Boat. The group’s Twitter site (twitter.com/#!/LulzSec) is called The Lulz Boat and states: “Lulz Security (LulzSec), the world’s leaders in high-quality entertainment at your expense –”

The group’s Web site encouraged visitors to make a donation to the group, which doesn’t exactly portray a well-funded, serious, secret organization. The donation system seemed to work, though, as LulzSec often sent Twitter posts with funding updates.

The group announced through Twitter that it received a single $7,200 donation in early June. Lulz Security had nearly 400,000 Twitter followers at one time. (twitter.com/#!/LulzSec/followers)

By taking credit for its attacks with flair and humor, LulzSec seemed to encourage the idea that it was just playing pranks. This situation caused some people to not take the group’s threats seriously. Although the group did nothing to downplay its humorous nature, it also claimed it had the ability to perform more serious attacks, if it so desired.

Even though Lulz Security is branded by law enforcement as a group that committed cyber-terrorism, some in the computer security industry don’t agree. Some applauded LulzSec’s ability to find and publicize holes in security protocols. The LulzSec attacks placed public attention onto the holes, forcing them to be fixed immediately.

You can learn more about how some security professionals felt about LulzSec at: www.dailymail.co.uk/sciencetech/article-2006118/Ryan-Cleary-charged-cyber-attack-CIA-LulzSec-takes-revenge.html.

Other security professionals appreciated the attention shone on the problem, but they would’ve preferred LulzSec’s members used a different method of publicizing the security holes.

A month after its first attack, LulzSec released a document that discussed the motivation behind its attacks. This manifesto discussed how the members of the group enjoyed hacking because of the mayhem that resulted. Attacks occurred for fun, the manifesto said.

You can see the LulzSec manifesto at: www.pastebin.com/HZtH523f.

According to the manifesto, LulzSec claimed it was doing businesses a favor by revealing security flaws. If businesses didn’t know about the flaws, hackers looking to do serious harm could exploit them instead. By revealing the group’s methods of attack and results from the attacks, according to LulzSec’s manifesto, the public could learn about vulnerable Web sites.