LulzSec Says It's Stopped Hacking, but Criminal Case against It Gains Steam

Article excerpt

Those behind LulzSec - which forced the CIA's public website down and hacked Sony, among other things - are among the most wanted cyber-criminals.

The heat is still growing for a group of perhaps six to eight people believed to be behind Lulz Security, even though the flamboyant social-media-savvy enterprise suddenly announced over the weekend that it would stop hacking government and business computers.

Just a few days ago, the group was yucking it up, grandstanding for its 280,000 Twitter followers (up from 100,000 just over a week ago). On Thursday, it exulted in posting law-enforcement information stolen from the Arizona Department of Public Safety. Then on Sunday, it announced it was retiring from hacking.

"Our planned 50 day cruise has expired," the group wrote in a post, "and we must now sail into the distance, leaving behind - we hope - inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love."

It added, "If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere." The group also encouraged others to imitate its cyberattacking ways.

But the wisecracker hackers - who forced the Central Intelligence Agency's public website down, hacked Sony, and tossed 62,000 passwords and e-mail addresses across the Internet like confetti - still remain among the most wanted cyber-criminals, cybersecurity experts say.

"These guys better hope that the FBI finds them first, because there are probably a lot of people in organized cybercrime who aren't very happy about what they've been doing - drawing all this attention," says Jeff Bardin, chief security strategist for Treadstone 71, a cybersecurity and intelligence firm based in Boston.

The term "Lulz" is hacker lingo for "laughs." All along, it has claimed that its activities are about "doing it for the laughs" and raising Internet security awareness. Its tag line is, "Laughing at your security since 2011!"

But for others, LulzSec's activities have been a serious matter. And in the end, the anonymity of the Internet may not have been anonymous enough for the very real people behind its hacker handles. Was Sabu the ringleader? Is Kayla the group's botnet expert? What about Topiary, Storm, Tflow, Joepie91, Avunit, and the others?

Those nicknames appear in chat logs from late May - purportedly conversations from LulzSec's private chat channel that were leaked anonymously to London's Guardian newspaper and posted to its website Friday. Other similar chat logs were leaked in March to the online magazine Gawker.

At about the same time, lists of names associated with the handles began to be tweeted along with a flotsam of corroborating information. Was Sabu living in New York City and Avunit in England? That was implied by one Internet security company report circulating online.

Some argue that chat logs are easily faked. Also, are the tweeted names of people really those behind the LulzSec attacks? Impossible to tell - yet.

But such clues could quickly become exhibits in criminal cases as more details are tweeted or divulged by vigilante hackers, computer security companies, or disgruntled members of the affiliated Anonymous group.

"The chances they'll get nailed are pretty good," Mr. Bardin says. "Sure, they're pretty smart about how they hide themselves and their tracks. But some of them have already been nailed," he says, referring to a recent arrest in England. "They've been tugging on the tail of the beast for a while, and now the beast is turning around to get them."

One vigilante hacker dubbed "the Jester," purportedly a former cyber-expert for the US military, has in recent weeks exposed details of the group's members, Bardin notes. …