Skip to main content

LulzSec wages war with Anonymous and 4Chan, releases 62,000 logins [update]

lulzsec-vs-anonymous

The rascally hackers of Lulz Security have unleashed pure havoc on the entire Internet today with the release of 62,000 email-password combos that serve as the login credentials for, well, we’re not exactly sure — the group, better known as LulzSec, won’t say explicitly. But so far Twitter users have reported hacked Gmail, PayPal, Facebook, Hotmail and Twitter accounts related to the stolen data, so it appears that nothing’s safe if you’re unlucky enough to have made the list.

The lulz seem to be going both ways with this one: good and nauseatingly bad. While at least one user reports having received an email chocked full of child pornography, others have gotten (un-earned) super-boosts to their World of Warcraft accounts (at the expense of someone else, of course). All-in-all, it would seem LulzSec’s shenanigans are going precisely according to plan.

In addition to the leak, LulzSec has begun to take shots at an unlikely target: 4Chan.org and its infamous /b/ message board. 4Chan is famously the original home of another hacker group, Anonymous, and is the source of a wide variety of popular Internet memes, like LolCats and Rick Rolling.

According to VentureBeat, the moves against 4Chan began after LulzSec kicked-off a “DDoS party” on a variety of websites and game servers popular with gamers, including that of EVE Online, League of Legends and Minecraft, all of which faced outages or major slow-downs because of the flood of malicious traffic.

Visitors to 4Chan’s /v/ imageboard, whose users focus on video games, caught wind of the attacks, and began their own DDoS campaign against anything related to LulzSec.

Today, LulzSec continued the civil war of the online underground with a series of tweets meant to provoke 4Chan visitors.

“Everybody visit this cool and edgy imageboard, they love new members!” wrote LulzSec on its 150,000-follower-strong Twitter feed, with a link to /b/. “Ask them how to triforce and how to become legion.”  LulzSec followed this up with a variety of other tweets drawing attention to /b/, with suggestions for how to annoy its regular users.

It may seem odd to some that LulzSec would hit so close to Anonymous’ home, seeing as they are both hacker groups that have hit similar targets. (Or, in the case of Sony, the same target.) But LulzSec has consistently denied any relation to Anonymous. And now, it seems, the two groups are at war*.

“We are the concentrated success of 2005 /b/, being ‘hunted’ by the 2011 furry horde. Challenge accepted, losers,” Anonymous posted to its Twitter account.

At the beginning of this writting, 4Chan either failed to load or loaded extremely slowly, a sign that a DDoS attack was underway. By the the time of publication, the site was running smoothly.

UPDATE: *Both Anonymous and LulzSec have denied that they are at war. “Saying we’re attacking Anonymous because we taunted /b/ is like saying we’re going to war with America because we stomped on a cheeseburger,” said LulzSec on Twitter early Friday afternoon. The Anonymous-associated Twitter feed YourAnonNews furthered that assertion, saying, “We are NOT at war with @LulzSec.”

Editors' Recommendations

Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
LulzSec now taking phone requests for DDoS attacks
lulzsec-tupac-pbs

UPDATE: The CIA's website currently appears to be down and LulzSec has claimed responsibility via Twitter.
Lulz Security , better known as LulzSec, the unscrupulous hacker group whose targets have ranged from porn sites to PBS, is now taking requests over the phone. In a tweet posted yesterday, LulzSec unveiled a phone number where people could call in and leave the name of a target website. If LulzSec approved, it was suggested that the hacktivist group would then initiate a distributed denial of service (DDoS) attack to render the site inaccessible.
"Call into 614-LULZSEC and pick a target and we'll obliterate it. Nobody wants to mess with The Lulz Cannon - take aim for us, twitter," read LulzSec's tweet. The number's area code points to the Colombus, Ohio area, however, it's not at all likely that any members of LulzSec are actually based there. Throughout the day today, the group's Twitter feed has many several mentions of the hotline number, encouraging followers to call in with requests.
We called the number (but didn't leave a message, obviously) and were greeted by a voicemail message spoken by a "Pierre Dubois" in a French accent of questionable authenticity. LulzSec has claimed that it took down a total of eight websites handpicked by its followers on the first day of the hotline's existence. LulzSec also boasted that the number has received over 5,000 missed calls and taken in some 2,500 voicemail messages.
LulzSec's decision to field DDoS requests over the phone may at first seem like an open invitation to be cornered by the authorities. But, in age where anyone can establish a Google Voice number, it's also likely that a voicemail system is likely just as secure than most methods possible through the Internet. LulzSec hasn't said if the hotline will become a permanent fixture in the group's ongoing quest for "maximum lulz."

Read more
For the Lulz: Escapist, EVE online and others attacked in LulzSec DDoS party

Lulz Security, also known as LulzSec or “those $#*! hackers again”, continued their unchallenged online rampage today. They dubbed their latest hacking conquests: Titanic Takeover Tuesday. The casualties of the attacks include Escapist Magazine as well as some popular online gaming sites.
Lulz Sec started off today's string of attacks with the online Escapist magazine. Robert Mcmillian at IDG News points out a possible connection between the wrathful swarms of comments after the Bethesda hack and the strike against the online magazine. One forum member wrote, “I want them caught and punished, a few years in jail for people like that would be hell”. The DDoS tactics kept the magazine struggling to stay online for a good portion of the day.
Though the attack on the Escapist may or may not have been retaliatory, the hacker group kept in line with their random “for the lulz” theme and invited anyone to recommend new targets to obliterate by calling 614-LULZSEC. The Twitter account claimed that by the end of the day they had 3500+ missed calls and 1500+ voicemails for the Lulz Cannon.
After tweeting for suggestions, the group went to work on wiping out the login server for EVE Online, the Minecraft login server and League of Legends. Their efforts ended up inadvertantly took down game websites as well. The total conquests for the day's “DDoS party” include: the Escapist magazine, the 3 gaming websites as well as 8 phone requests. So far, Lulzsec has put their stamp on PBS, Sony, Nintendo, FBI's Infragard, the U.S. Senate, Unveillance, CitiGroup, and a porn website. There doesn't seem to be any website safe from being exploited for Lulz.
The twitter account also mentions a thread on 4chan's infamous /b/ board, following the attacks on LOL and the other gaming sites, which announced a challenge LulzSec may be taking seriously. “We are the concentrated success of 2005 /b/, being 'hunted' by the 2011 furry horde. Challenge accepted, losers” they tweeted. Perhaps the anarchistic 4chan imageboards will be the next stop for the Lulz ship.

Read more
LulzSec hits 50+ porn sites, exposes user data
Lulzsec-hackers

In their ongoing quest for laughs at the expense of everyone else, hacker group Lulz Security has hit a new type of target: Porn. The group announced on Friday that it had infiltrated 56 porn sites, stolen and posted administrative emails and published an additional 26,000 emails and passwords from users of Pron.com.
"Hi! We like porn (sometimes), so these are email/password combinations [sic] from pron.com which we plundered for the lulz," the group wrote in a release on their website, which also contained all the stolen email addresses and passwords.
The user data posted by LulzSec cannot be used to access the porn website accounts. Instead, it simply exposes the users as watchers of porn. The group specifically pointed out users with government and military email addresses who had signed up for the porn site.
But hacking porn sites wasn't all LulzSec did in the past 24 hours. In a seemingly uncharacteristic move (as if we could say what the character of LulzSec is in the first place, which we cannot), the group alerted the British National Health Service to its network's password vulnerabilities, and took down Muslim terrorist website aljahad.com. (Admittedly, the latter appears to have been carried out as a jab against rival hacker "Th3 J35t3r," who took down the same site on June 5.)
These cyber shenanigans follow LulzSec attacks on PBS.org, Sony, Nintendo, FBI affiliate Infragard Atlanta, and data security company Unveillance, among others.
Since the attack on PBS.org on May 30, which involved posting a fake story about deceased rapper Tupac Shakur living in New Zealand, LulzSec's following on Twitter — where the majority of its statements and communications are published — has exploded to more 120,000.
The group has even managed to gain a following amongst members of the "white hat" cyber security industry — the people supposed to be fighting against LulzSec and their ilk — simply because they've so successfully made clear that most digitally stored data is woefully exposed.
"LulzSec is running around pummeling some of the world's most powerful organizations into the ground... for laughs! For lulz! For shits and giggles!" writes security expert Patrick Gray on Risky.biz. "Surely that tells you what you need to know about computer security: there isn't any."
So, who's next on LulzSec's list of unlucky entities? Who knows! But we'd wager that Sony's on there somewhere.

Read more