LulzSec Members Apparently Outed

  /     /     /  
Publicated : 22/11/2024   Category : security


LulzSec Members Apparently Outed


An anonymous post claims to put names to four of the groups six members, leading security experts to predict imminent arrests.



(click image for larger view)
Slideshow: 10 Massive Security Breaches
Have some of the members of the LulzSec hacking group, behind website attacks against Sony, the CIA, the U.S. Senate, and others now been publicly named?
On Saturday, an
anonymous post
made to document-sharing website Pastebin named names, alleging that the core members of LulzSec are Sweden-based Daniel Ackerman Sandberg (aka Topiary), Iowa-based Wesley Bailey (aka Laurelai), New York-based EE or Eekdacat (no name, but an IP address provided), Britain-based Richard Fontaine (aka Uncommon), Hector Xavier Monsegur (Sabu), and Netherlands-based Sven Slootweg (aka Joepie91), amongst others.
The documents authors--who call themselves the A-Team--provided contact information for most of those people, though they said that they still lacked detailed information on LulzSecs leader, Sabu, as well as Kayla, who appeared to provide most of the botnets used in the groups attacks. The A-Team also alleged that Kayla was behind the Anonymous groups
attack against HBGary
as well.
There was no response to emails sent to Bailey, Fontaine, and Slootweg at the addresses provided in the Pastebin post.
Some of those handles and identities, however, had already been matched in anonymously posted documents, beginning in early June. According to LulzSec watchers, the leaking of chat logs led to at least two active members departing the group.
[Editors note: After this story was published, both Bailey and Eekdacat contacted InformationWeek.com via email and denied being part of LulzSec. Eekdacat alleged that the anonymous post contained fabrications. Eekdacat also denied being part of any Anonymous-related activities during the past six months.]
Related law enforcement investigations are apparently underway. For example, a group called
Backtrace Security
has been hunting for LulzSec members since February, and assisting an FBI investigation since March,
according
to
The New York Times
. Backtrace Security has also published a roundup of LulzSec members
profiles and apparent motivations
.
On Saturday, of course, LulzSec said it was
ceasing operations
. Security watchers say the move likely stems from the danger involved in the group continuing its activities. Not surprisingly, they are quitting. Lulzsec members are feeling the heat and are busy avoiding arrest. As predicted, the end of Lulzsec was inevitable. During this [past] week they tried to cover up themselves in order to avoid arrest by: regrouping with anonymous, creating the antisec operation, falsely claiming the UK census was hacked as a red herring, said Rob Rachwald, director of security strategy at Imperva, in a
blog post
.
We believe that these efforts werent successful--and we [will] soon hear about more arrests of LulzSec members, said Rachwald.
Anti-LulzSec groups have wasted no time in attacking LulzSecs legacy, commenting for example that LulzSec--aka gn0sis--may have been brazen, but the group doesnt appear to be especially skilled, especially since it hasnt hacked anything major since its
Sony intrusion
, which did expose one million passwords.
From what weve seen these lulzsec/gn0sis kids arent really that good at hacking, according to the A-Team post that contained the alleged identities of LulzSec members. They troll the Internet and search for [SQL injection] vulnerabilities as well as Remote File Include/Local File Include bugs. Once found they try to download databases or pull down usernames and passwords. Their releases have nothing to do with their goals or their lulz. Its purely based on whatever they find with their Google hacking queries and then release it.
For example, the group didnt exploit a strategic NATO website, but rather its bookshop. Ditto for the
CIAs informational, public-facing homepage
, and the Navys jobs board. Despite the government ties, those sites didnt store state secrets.
The anonymous post makes another interesting point: LulzSec said it was railing against dishonest white-hat and gray-hat hackers who make a buck by capitalizing on businesses security fears and ignorance. But LulzSecs hacking spree has arguably led more businesses to contract with security professionals of the type LulzSec claims to detest.
Whats funny to us is that these kids are all Anti-Security yet by releasing their hacks they are forcing these companies to have to hire security professionals which keeps the Security Industry that they are trying to expose and shut down, in business, according to the post.
Small and midsize businesses are falling prey to cyberattacks that cost them sensitive data, productivity, and corporate accounts cleaned out by sophisticated banking Trojans. In this report, we explain what makes these threats so menacing, and share best practices to defend against them.
Download it now
. (Free registration required.)

Last News

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
LulzSec Members Apparently Outed