SECURITY

What is “LulzEnd”?

6/1/2012 6:03:59 PM

Kevin Pocock notes the recent high-profile hacking indictments, and a leader turned informant.

In May 2011, the website of the US broadcaster Fox was targeted by the hacking group ‘LulzSec’. Data including the details of 73,000 X Factor contestants was leaked. Shortly afterwards, the website of the PBS (American Public Broadcasting System) came under attack. Then, to varying degrees, the websites of Sony, Nintendo, Bethesda Studios, Sony and the CIA were also compromised, along with others.

Hacks weren’t uncommon, but these attacks had a welcome, indeed willing, publicity to them. And, as it turns out, LulzSec, who even took suggestions for targets from its Twitter followers, were doing it ‘for the lulz’. Between May and the end of June 2011, the group ran riot, but its ‘planned 50 day voyage’, ended just after it joined forces with Anonymous to launch Operation AntiSec. The group’s final message, posted on YouTube on 27th June 2011, can be seen at tinyurl.com/658yhyr.

Start at the end

For LulzSec, though, 7th June 2011 had already marked the end of the line. That was the day, according to an exclusive Fox News report published on 6th March, that two FBI agents came face to face with ‘Sabu’, the LulzSec ‘leader’: Hector Xavier Monsegur, an unemployed 28-year-old man living on the sixth floor of the Jacob Riis housing complex in the Lower East Side of New York. Sabu was, according to a law enforcement official, ‘Brilliant, but lazy’, and lazy enough to claim ‘I don’t have a computer’, even as, to quote Fox, ‘Behind Monsegur, the agents saw the Ethernet cable snaking to his DSL modem, green lights blinking on and off.’

Description: Hector Xavier Monsegur, aka ‘Sabu’

Hector Xavier Monsegur, aka ‘Sabu’

Lazy or not, reports have since surfaced that after that meeting on 7th June, Sabu worked incredibly hard to cooperate with government agencies so as to inform on his friends and associates, and shore up governmental and company websites, in a deal agreed to in no small part because of his guardianship of his two children. So when Jake Davis of the Shetland Islands was arrested on 27th July on suspicion of being the LulzSec ‘media man’ ‘Topiary’, Sabu no doubt knew it was coming. Not only this, but he may well have helped enable the action.

Other core members were similarly arrested. Ryan Ackroyd of London, allegedly aka ‘Kayla’ was the owner of the botnet utilised as LulzSec’s main weapon in the DDOS (Distributed Denial Of Service) attacks on targeted websites and services. He was also indicted on 6th March. So was Darren Martyn of Ireland, allegedly aka ‘Pwnsauce’; supposed LulzSec associate Donncha O’Cearrbhail, believed to go by the handle ‘Palladium’; and ‘Anarchaos’, allegedly Jeremy Hammond of Chicago. Another core member, ‘T-flow’, was reported as arrested by London’s Metropolitan Police on 19th July 2011, while ‘Joepie91’ the owner of the LulzSec IRC channel was apparently arrested on 21st June 2011, just 14 days after the FBI found Sabu.

Puzzle pieces

These dates are interesting because they also make quite a lot of sense. Although various personalities within the wider hacking community spent hours attempting (and, as it turns out, some actually succeeded) to ‘dox’ (publish personal details of) the members of a group, the FBI and other law enforcement agencies seem to have had a set path of action in dealing with LulzSec.

Sabu’s arrest came as the result of him logging into an IRC channel using his real IP address, rather than a proxy. A small mistake, but once the FBI caught up with him, his and LulzSec’s self-publicity did enough to all but condemn him. Assuming that international law enforcement agencies wanted an end to LulzSec rather quickly, it’s no great leap to assume that disrupting their communication was a starting point. JoePie91 was caught up with. And although at the time LulzSec commented that JoePie91 wasn’t actually a member, the arrest of a person believed to be the owner of their IRC channel, and the cooperation of Sabu, no doubt provided yet more information in moving the cases forward.

If we take to Twitter, a much-loved output for the group, even more becomes clear. The account of Topiary went quiet at the end of July, with all tweets being deleted, except for one previously posted on the 22nd, reading, ‘You cannot arrest an idea.’ LulzSec’s account, which Topiary is believed to have handled, became inactive on the 27th July, the day Jake Davies, accused of being Topiary, was arrested. The account of Kayla, the group’s botnet owner, suddenly went quiet on 1st September.

We also now know that on 15th August Sabu was pleading guilty to a combined 12 charges against him. Charges including consipracy to engage in computer hacking, computer hacking, conspiracy to commit access device fraud, conspiracy to commit bank fraud and aggravated identity theft.

A total ruse

Back on Twitter on 17th August, just two days after the aforementioned plea, Sabu posted a quote from the movie The Usual Suspects: ‘The greatest trick the devil ever pulled was convincing the world he did not exist. And like that… he is gone’. And like that, Sabu was indeed gone… sort of.

Depending on your point of view (hacker or law enforcer), the ‘devil’ in question might well have ceased to exist at this point, or was just moving into existence. After a few weeks of silence, Sabu was back tweeting, but not before he told Gawker in an alleged phone interview that talk of him cooperating with the FBI was ‘bullsh*t’. He added, ‘I stop posting on Twitter and mad rumours get started.’ However, it wasn’t just other hackers questioning the disappearance. The owner of a Twitter account by the name of ‘@mockingbird36’, partly directed a tweet at the the high-profile ‘hacktivist of good’ known as ‘The Jester’, commenting, ‘Interesting how Sabu disappears for a few weeks, then suddenly reappears, and then arrests are being made #Cooperating’.

Description: The mascot of LulzSec, once a toast of ‘hacktivists’

The mascot of LulzSec, once a toast of ‘hacktivists’

Many observers were no doubt thinking the same thing, but with Sabu returning to his tweeting as if nothing had ever happened, towing the ‘Free Topiary’ line, and continuing to engage in anti-governmental dialogue, it seems he had enough trust from those also allied to his claimed causes to be given credibility. It turns out that for his associates and contacts in the hacking community that may have been a very bad idea. Monsegur’s charges add up to a potential prison sentence 124 years and six months, but it’s not yet confirmed how any sentence will be dealt with in light of his cooperation.

What now?

At the time of writing, and as of 5th March, Sabu’s once reinvigorated Twitter account has gone silent once more. This was the day before high-profile members of LulzSec and Anonymous, including those I’ve mentioned, were charged. Sabu’s last – I won’t say final – post was the German phrase, ‘Die Revolution sagt ich bin, ich war, ich werde sein.’ Translated, it reads, ‘The revolution says I am, I was and I will be’ and is a quote linked to Rosa Luxemburg, a far-left German revolutionary. The full, proper quotation is ‘Tomorrow the revolution will ‘rise up again, clashing its weapons,’ and to your horror it will proclaim with trumpets blazing: I was, I am, I shall be!’.

Yet like his previous, Usual Suspect-inspired, cryptic message, who it is aimed at is hard to judge. If it is law enforcement agencies, will they take any notice, having had Sabu working for them, providing potentially huge amounts of important information on international hacking associates? If It’s his Twitter followers and those same international associates, will they take any heed of words from a man who has been working against them?

Anon go on

It’s impossible to tell at this stage, but while the lulz might have ended, the linked group Anomymous is certainly looking forward, seemingly untroubled by events. While FBI sources have been quoted as saying they’ve taken the head off the group, Anonymous followers have disagreed, with a tweet from the @YourAnonNews Twittter account reading, ‘We don’t have a leader. A movement against authority without leaders drives authority insane; they cant break down a movement by corrupting the leader.’

This was supported by the words of the on-off spokesperson for Anonymous, Barrett Brown, who told CNN, ‘…[the] indictments won’t disrupt the organisation’s action over the long-term. There are more than enough people around.’ He added, ‘Major operations going forward won’t be interrupted.’ Still, one thing seems certain: The lulz boat, and all who sailed on her, have been well and truly dry-docked.

Description: LulzSec.com as it is today

LulzSec.com as it is today

Description: Anonymous, as its artwork suggests, claims no head

Anonymous, as its artwork suggests, claims no head

Other  
 
Top 10
Review : Sigma 24mm f/1.4 DG HSM Art
Review : Canon EF11-24mm f/4L USM
Review : Creative Sound Blaster Roar 2
Review : Philips Fidelio M2L
Review : Alienware 17 - Dell's Alienware laptops
Review Smartwatch : Wellograph
Review : Xiaomi Redmi 2
Extending LINQ to Objects : Writing a Single Element Operator (part 2) - Building the RandomElement Operator
Extending LINQ to Objects : Writing a Single Element Operator (part 1) - Building Our Own Last Operator
3 Tips for Maintaining Your Cell Phone Battery (part 2) - Discharge Smart, Use Smart
REVIEW
- First look: Apple Watch

- 3 Tips for Maintaining Your Cell Phone Battery (part 1)

- 3 Tips for Maintaining Your Cell Phone Battery (part 2)
VIDEO TUTORIAL
- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 1)

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 2)

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 3)
Popular Tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8