This Sunday, the newest star of hacktivism – Lulz Security – announced it would be going into early retirement, and would immediately end its hacking ways. Although less established than other hacking groups such as Anonymous (LulzSec hasn’t even been hacking for two months), the online organization has already become a world phenomenon through their news grabbing antics, which include hacks of:
- The CIA (Hacked and shut down the public site)
- The US Senate (Hacked the public site and took internal files)
- Sony (Hacked into secure network, stole tens of thousands of users’ data, and publicly released the information online)
- Black & Berg Cybersecurity (Hacked the cybersecurity firm who had challenged hackers to change its website homepage, and changed its website homepage)
- Pron.com (Hacked the porn site, stole tens of thousands of users’ emails and login passwords, and publicly released the information online)
- PBS (Hacked and posted a fake story declaring Tupac was alive in New Zealand)
- Arizona Law Enforcement (Hacked in and released hundreds of internal documents in an operation entitled “Chinga la Migra,” aka “Fuck the Border Control”)
So why call it quits? LulzSec was quickly on the rise to become one of the world’s most prominent hacktivist groups, and their name (“Lulz” means laughs, for you non-Millennials out there) and posts imply that they were enjoying the ride.
One theory I’d like believe is that this group’s goal wasn’t havoc and destruction, but rather improvingcybersecurity. In many of its attacks, LulzSec actually encouraged its victims to enhance their security. Take, for instance, their eloquent statement after hacking the U.S. Senate:
“We don’t like the US government very much. Their boats are weak, their lulz are low,and their sites aren’t very secure. In an attempt to help them fix their issues, we’ve decided to donate additional lulz in the form of owning them some more!”
Unlike the hacking scandal that rocked Sony several months ago, LulzSec only grabbed email addresses and names – info publicly available on sites like Facebook – rather than credit card information. And while attacks on the CIA and U.S. Senate seem threatening, these hacks against the public websites brought renewed attention to the issue of cybersecurity without any sensitive data being compromised. When Black & Berg offered to make good on its $10,000 reward to anyone who could hack their site Lulz Security simply responded “Keep your money. We do it for the Lulz.” Is it possible these hackers are genuinely interested in a safer and more secure cyberspace?
It’s a nice idea, but the more popular theory on why LulzSec called it quits is self-preservation. Recently arrests have been made against suspected LulzSec members in the UK and Iowa, prompting speculation that the group was disbanding out of fear of being caught. While this is slightly less romantic than the hacking-to-end-hacking concept, there is still something we can learn from it.
As anyone who has ever read the comments section on a online news story knows, people treat their online activities less seriously than what they do in person. This misconception that reality ends in cyberspace is something we need to move past; the online world is just as much a part of the world as anything else, and contains many of the same consequences. I highly doubt members of LulzSec would find it smart to personally break into CIA Headquarters or the U.S. Capitol Building, but that is essentially what they are doing. Hacktivism may seem safe, rebellious, and even idealistic from the security of a laptop, but in the end, it’s still a crime. And that is no laughing matter.