Skip to main content

Hacker vigilantes Web Ninjas lashing out at LulzSec

Web NinjaIt may seem like an era of internet insecurity has been ushered in thanks to Anonymous and Lulzsec, but one group called the Web Ninjas is fighting back and even claims to have exposed the identity of LulzSec’s leader.

Web Ninjas created a website called lulzsecexposed where they do just that, methodically post the exposed identities of LulzSec members. These internet vigilantes have posted IRC chat logs and personal information on many LulzSec members including Kayla, Topiary, Joepie and many others.

Topiary is the mouthy lizard in charge of LulzSec’s Twitter account, and Joepie is probably the one behind the Lulz Security website. They are from Sweden and the Netherlands. Kayla, the 16 year old which you may remember from the HBGary debacle, is actually an older man from Canada. He’s said to be in possession of a monstrous botnet. Most of the others are from the U.S., including Nakomis from UC Berkeley. BarretBrown was found to be a part time Journalist for the Onion, the Guardian and Dailykos, and was pushing the Anonymous and Lulzsec agenda to the media using his contacts.

And the thing de resistance? The leader of LulzSec has allegedly had his photo posted by the group. Web Ninjas claims they also have his name, address, location etc., but are withholding until they submit the sensitive info to the FBI. “Game over for you Guys” they volley at the Lulz boat. The Ninjas claim that LulzSec’s Operation Anti-Security is an attempt to crawl back up their Anonymous mothership’s chute to heal wounds. The ninjas brag “we have shown them that they are not the ‘Internet Gods’ they think they are.”

None of the Web Ninjas’ information has been officially confirmed, but it hasn’t been loudly criticized either. Th3J35t3r (or the Jester), patriotic hacker behind the wikileaks hack is cited as helping the group and even mentions the blog on his website. If they are real and not a figment of misinformation, the Ninjas may be the balance needed right now. Their message?

“We want to see a Safe and Peaceful Internet for every one, not some bunch of kids threatening web and trying to own it for LULZ or in the name of publicity or Financial gain or Anti-Govt Agenda.”

Editors' Recommendations

Jeff Hughes
Former Digital Trends Contributor
I'm a SF Bay Area-based writer/ninja that loves anything geek, tech, comic, social media or gaming-related.
LulzSec and Anonymous unite for Operation Anti-Security
lulzsec and anonymous unite for operation anti security

Despite some speculation about an alleged rift between hacktivist groups LulzSec and Anonymous (which was swiftly denied), the two underground organizations have teamed up to take on the lack of government transparency. According to a LulzSec press release, the two will declare “immediate and unremitting war on the freedom-snatching moderators of 2011.”
Dubbing their effort Operation Anti-Security (#AntiSec for Twitter purposes), LulzSec and Anonymous will unite forces to expose faulty handling of user data or poor security measures. While the two groups both have similar operations, their targets and public profiles differ. Anonymous has a business-oriented approach and tends to hack oppressive governments or reportedly corrupt businesses; LulzSec, on the other hand, openly mocks its victims and doesn’t shy away from showmanship. It also makes no qualms about punishing vulnerable sites simply for their lack of security measure. Regardless of who exactly is behind these sects, security firm and government websites (which have frequently been at their mercy) should take notice. “Top priority is to steal and leak any classified government information, including email spools and documentation. Prime targets are banks and other high-ranking establishments,” the statement reads.
These groups aren’t all talk. Gaming companies' web properties aren’t the only ones affected by the hackers, and the likes of the CIA and security firm HB Gary have also been successfully infiltrated. The site for UK-based Serious Organised Crime Agency was taken down earlier this morning, which LulzSec claimed responsibility for. It has since been restored.
A new era of Internet warfare has been ushered in by these hacktivist groups, and they’ve proven that hardly anyone is safe. How long these operations will last is unknown, and both groups largely claim they genuinely want to bring attention to Web privacy issues as well as the insecure sites consumers put their faith and personal data in. “Do you feel safe with your Facebook accounts, your Google Mail accounts, your Skype accounts? What makes you think a hacker isn’t silently sitting inside all of these right now, sniping out individual people, or perhaps selling them off? You are a peon to these people. A toy. A string of characters with a value,” LulzSec says. “This is what you should be fearful of, not us releasing things publicly.”

Read more
LulzSec to critics: We’re doing you all a favor
LulzSec

In celebration of its 1000th tweet, the merry hacksters of Lulz Security issued a manifesto Friday that gives an inside look at the guiding philosophy behind their recent campaign of cyberattacks, and explains why the group isn't really as nefarious as their identity-theft exploits suggest.
"For the past month and a bit, we’ve been causing mayhem and chaos throughout the Internet, attacking several targets including PBS, Sony, Fox, porn websites, FBI, CIA, the U.S. government, Sony some more, online gaming servers (by request of callers, not by our own choice), Sony again, and of course our good friend Sony," said the group in a statement posted to Pastebin.
Just don't think these attacks are a bad thing, says LulzSec -- or at least not as bad as they could be.
"The main anti-LulzSec argument suggests that we’re going to bring down more Internet laws by continuing our public shenanigans, and that our actions are causing clowns with pens to write new rules for you," says LulzSec. "But what if we just hadn’t released anything? What if we were silent? That would mean we would be secretly inside FBI affiliates right now, inside PBS, inside Sony… watching… abusing…"
Whether we want to admit it or not, LulzSec explains, none of us are safe from the hoards of depraved digital villains who lurk in the shadows of the online world. Of course, we can condemn LulzSec for stealing hundreds of thousands of website-users' identities. But we should also be thanking them for at least telling us about it, the group says.
"We’re sitting on 200,000 Brink users right now that we never gave out. It might make you feel safe knowing we told you, so that Brink users may change their passwords," writes LulzSec. "What if we hadn’t told you? No one would be aware of this theft, and we’d have a fresh 200,000 peons to abuse, completely unaware of a breach."
This sentiment -- that LulzSec is doing us all a favor by publicizing their dastardly deeds -- is actually shared by a growing number of people the "white hat" (i.e. non-criminal) cybersecurity industry. These people, tasked with protecting us from their evil counterparts, have been trying desperately for ages to explain the cornucopia of risks that goes with life online. Until now, however, few have paid attention. Instead, most of us non-hackers hide behind paper walls of anti-virus software, thinking we're all-good. LulzSec simply forces us to pay attention.
Regardless of whether you agree with LulzSec, the group says they're not going anywhere, at least until they're "brought to justice, which [they] might well be." And even if LulzSec is taken down by the authorities, there will just be some other group to take their place. "This is the lulz lizard era," says LulzSec. Arm yourself, or get used being abused.
Read the full LulzSec statement below. (WARNING: Some NSFW language):
Dear Internets,
This is Lulz Security, better known as those evil bastards from twitter. We just hit 1000 tweets, and as such we thought it best to have a little chit-chat with our friends (and foes).
For the past month and a bit, we've been causing mayhem and chaos throughout the Internet, attacking several targets including PBS, Sony, Fox, porn websites, FBI, CIA, the U.S. government, Sony some more, online gaming servers (by request of callers, not by our own choice), Sony again, and of course our good friend Sony.
While we've gained many, many supporters, we do have a mass of enemies, albeit mainly gamers. The main anti-LulzSec argument suggests that we're going to bring down more Internet laws by continuing our public shenanigans, and that our actions are causing clowns with pens to write new rules for you. But what if we just hadn't released anything? What if we were silent? That would mean we would be secretly inside FBI affiliates right now, inside PBS, inside Sony... watching... abusing...
Do you think every hacker announces everything they've hacked? We certainly haven't, and we're damn sure others are playing the silent game. Do you feel safe with your Facebook accounts, your Google Mail accounts, your Skype accounts? What makes you think a hacker isn't silently sitting inside all of these right now, sniping out individual people, or perhaps selling them off? You are a peon to these people. A toy. A string of characters with a value.
This is what you should be fearful of, not us releasing things publicly, but the fact that someone hasn't released something publicly. We're sitting on 200,000 Brink users right now that we never gave out. It might make you feel safe knowing we told you, so that Brink users may change their passwords. What if we hadn't told you? No one would be aware of this theft, and we'd have a fresh 200,000 peons to abuse, completely unaware of a breach.
Yes, yes, there's always the argument that releasing everything in full is just as evil, what with accounts being stolen and abused, but welcome to 2011. This is the lulz lizard era, where we do things just because we find it entertaining. Watching someone's Facebook picture turn into a penis and seeing their sister's shocked response is priceless. Receiving angry emails from the man you just sent 10 dildos to because he can't secure his Amazon password is priceless. You find it funny to watch havoc unfold, and we find it funny to cause it. We release personal data so that equally evil people can entertain us with what they do with it.
Most of you reading this love the idea of wrecking someone else's online experience anonymously. It's appealing and unique, there are no two account hijackings that are the same, no two suddenly enraged girlfriends with the same expression when you admit to killing prostitutes from her boyfriend's recently stolen MSN account, and there's certainly no limit to the lulz lizardry that we all partake in on some level.
And that's all there is to it, that's what appeals to our Internet generation. We're attracted to fast-changing scenarios, we can't stand repetitiveness, and we want our shot of entertainment or we just go and browse something else, like an unimpressed zombie. Nyan-nyan-nyan-nyan-nyan-nyan-nyan-nyan, anyway...
Nobody is truly causing the Internet to slip one way or the other, it's an inevitable outcome for us humans. We find, we nom nom nom, we move onto something else that's yummier. We've been entertaining you 1000 times with 140 characters or less, and we'll continue creating things that are exciting and new until we're brought to justice, which we might well be. But you know, we just don't give a living fuck at this point - you'll forget about us in 3 months' time when there's a new scandal to gawk at, or a new shiny thing to click on via your 2D light-filled rectangle. People who can make things work better within this rectangle have power over others; the whitehats who charge $10,000 for something we could teach you how to do over the course of a weekend, providing you aren't mentally disabled.
This is the Internet, where we screw each other over for a jolt of satisfaction. There are peons and lulz lizards; trolls and victims. There's losers that post shit they think matters, and other losers telling them their shit does not matter. In this situation, we are both of these parties, because we're fully aware that every single person that reached this final sentence just wasted a few moments of their time.
Thank you, bitches.
Lulz Security

Read more
LulzSec DDoS attacks disrupt CIA and other U.S. agencies’ sites
LulzSec

Hacker group LulzSec continued their antics today with brazen attacks against U.S. agencies. The CIA website was hit this afternoon by a DDoS attack, the Detroit FBI headquarters were hit with a phone DOS and the Senate also claims the group attempted to break into their website for the second time.
“Tango down – CIA.Gov- for the lulz.” the group taunted on the LulzSec Twitter account. Immediately after the tweet and for the rest of the day the agency's website loaded slowly or not at all. CIA representatives had no real comment on the events, only that they were looking into it.There is no evidence that sensitive data had been compromised. Service to the U.S. Central Intelligence Agency site resumed a more reliable nature once LulzSec showed a little mercy.
“Goodnight twitter. The CIA anti-lizards will probably rise from the packet sea while we rest our shining -yet-saturated power field arrays,” the group tweeted, 4 hours after the attacks began.
Before the CIA site takedown, LulzSec was also redirecting their publicly available 614-LULZSEC request line to many targets' call centers, creating a DOS for the phone service. Along with the FB I in Detroit, the hackers' “phone redirect hive" hit WOW customer support and HBGary as well as the customer support for magnets.com who reportedly took in 200+ calls a minute.
Over the weekend, the U.S. Senate claimed that LulzSec managed to infiltrate their servers. The hacker group released stolen data, but Senate Deputy Sergeant-at-Arms Martina Bradford released a statement which said the data wasn't sensitive and was intended for public consumption. On Wednesday the Senate also reported that their website was attacked once again, though it is not clear if this was the work of the LulzSec.
All of this discord comes at the heels of yesterday's Titanic Takeover Tuesday where several popular MMO's were hit with DDoS attacks. LulzSec has also hit numerous high-profile sites including SONY, Nintendo, and FBI's Infragrade, showing off their muscle. Reuters says that security analysts have downplayed these attacks which are only for attention since there hasn't been any sensitive data lifted.
Jeffrey Carr, author of the book Inside Cyber Warfare: Mapping the Cyber Underworld, points out that, “All they're doing is saying 'Look how good we are'. These guys are literally in it for embarrassment, to say 'your security is crap.'”

Read more