This weekend, a group calling itself LulzSec – short for Lulz Security – hacked into the website of the US Senate, and released some internal data, "just for kicks." Martina Bradford, the deputy Senate sergeant at arms, quickly assured the public that LulzSec had not gained access to the most sensitive portion of the site, but the hack has widely been viewed as an embarrassment for the government, and a sign of the growing boldness of Team Lulz.
So what is LulzSec? A group of Internet pranksters, more or less. Like Anonymous, another outspoken hacker organization, LulzSec has claimed responsibility for a string of high-profile breaches in the last month. Among them: the Websites of PBS and Fox – in the latter, LulzSec exposed a database of "X-Factor" contestants – and the promulgation of a rumor that the rapper Tupac Shakur was alive and well and living in New Zealand.
But perhaps the most notable escapade undertaken by LulzSec is "Sownage" – a sustained campaign against Sony. Most recently, LulzSec, which operates under the motto "laughing at your security since 2011," claimed it had retrieved over a million user accounts from the multimedia site SonyPictures.com. (Sony later confirmed the attack, and said it was under investigation.)
"Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now," LulzSec reps wrote at the time. "From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?"
In a widely read article, analyst Patrick Gray recently wrote that plenty of "security professionals are also secretly getting a kick out of watching [LulzSec] go nuts." His reasoning was simple: "LulzSec is running around pummelling some of the world's most powerful organizations into the ground... Surely that tells you what you need to know about computer security: there isn't any," Gray concluded.
LulzSec as security crusaders? Drop us a line in the comments section – we're listening.