
Ethical Hacking for Lulz?

written by: • edited by: J. F. Amprimoz • updated: 6/30/2011

Could the LulzSec group be described as ethical hackers, or were they simply in the game for a laugh and the chance to show off?


    You’ve probably heard that LulzSec, the online hacktivist group whose identity is kept a secret, have announced a conclusion to what they described as “50 days of lulz”, during which time they wreaked havoc against a wide selection of targets from religious groups to government departments, electronics giants to TV talent shows and many others.

    While some might have been entertained by the group’s exploits, others might have been dismayed by this type of cyber terrorism. But were LulzSec really that bad? Was what they did genuinely as bad as the press would have us believe, or did the group fulfil a vital role in highlighting flaws in computer networks that should have been far more secure?

    After all, companies such as Sony and major government departments have massive IT budgets to deal with these types of problem. Specialists are employed for several hundred dollars per day to shore up networks and prevent intrusions, and where it is your data that is being so poorly protected, wouldn’t you like to know about it?



    Just Who Are LulzSec?

    Using the motto "Laughing at your security since 2011!", LulzSec – short for Lulz Security – spent several months embarrassing several companies by exposing their poor online security.

    These weren’t just any companies, however – LulzSec chose big names, such as Fox News, The X Factor, and Sony. Using comparatively basic attacks (such as SQL injection, the technique that they used against Sony’s PlayStation Network and a constant threat of which the major electronics giant should certainly have been aware) they were able to take down major websites, later claiming responsibility. The idea was to raise awareness of the lax security measures in place at bodies that should know better, although there was also an element of revenge involved; for instance, the Sony attack was in retaliation for the company’s pursuit of George Hotz and his cracking of the PS3 DRM.

    In the background, LulzSec is believed to be a handful of individuals with scripting and hacking skills and a possible previous affiliation with Anonymous, the group that has been involved in various “hacktivism” campaigns over the past few years, such as the 2011 leak of damaging documents purported to be from Bank of America.

    Ultimately, LulzSec claim that they do what they do for fun: “for the lulz”. “Lulz” is a variation of the term LOLs, derived from the text speak alternative for the phrase “laugh out loud”.

    You can currently find out more about LulzSec and the list of names that they have made look a little foolish on the website, http://lulzsecurity.com.


    More than Virtual Vandalism

    There is a lot more to all of this than just virtual vandalism, of course.

    Whether it is LulzSec or Anonymous carrying out the latest cyber-attack (LulzSec’s claims that they have brought an end to their campaign will eventually be confirmed by inaction), and whether or not you agree with their actions, the fact of the matter is that they are able to highlight these security vulnerabilities with unnerving regularity and ease.

    If your details were leaked during the recent PlayStation Network attack, for instance, as far as LulzSec are concerned all they were doing was underlining how insecure your details were. Using a denial of service attack, LulzSec were able to take down the CIA website in June 2011, while in the same month they revealed security holes in the British National Health Service and the US Senate website.

    Pointing out these flaws is important, especially when the information at risk is sensitive.


    Who Really Loses?

    While there is something refreshingly modern and grassroots about LulzSec’s hacking attempts against monolithic, faceless entities with little regard for the common man, there is also something worrying, something that gives the feeling that they have only looked at one side of the coin.

    After all, if a business is put out of action for several days, it hits its profits, which in many cases impacts shareholder dividends and executive bonuses, and this in turn can be felt further down the line by the companies it trades with and their customers. A hack attack such as the one experienced by the PlayStation Network might have raised a few satisfied smiles from the Xbox Live community, but the effects of this will be felt at street level at some point with higher prices for games and hardware, or perhaps a reduction in the number of titles appearing on PSN.

    In addition to lost revenue, Sony is also the subject of various class action lawsuits by some of the owners of the 77 million credit card details that were thought to have been exposed during the hack.

    That’s quite a price to pay for something done for Lulz.