What LulzSec teaches us about hacktivism

They only engaged in their cyber wilding for 50 days. But, boy, did members of the hacktivist group Lulz Security get their money’s worth when it comes to media attention. They garnered lengthy coverage in the mainest of the mainstream and the geekiest of the trade press for their attacks on websites belonging to the CIA, U.S. Senate, an Arizona law enforcement agency, Sony, and a host of other government and corporate entities around the world.

The self-claimed six people behind LulzSec, apparently a splinter group of the hacktivist collective Anonymous, announced at the end of last month — via Twitter, of course — that their operation was over. What they didn’t mention was whether they were shutting down because they were feeling the heat from law enforcement agencies, which have arrested one British citizen with an alleged connection to the group and questioned many others in the United States and elsewhere.

So what are we to make of LulzSec’s trail of crippled and defaced websites, stolen passwords, and public posting of private and sensitive information intended to intimidate and shame? There are at least a few points to note.

1. Government agencies are big, fat targets.

The muddy manifestos and make-it-up-as-they-go-along tactics of groups like LulzSec indicate that these are crimes of opportunity against carelessly vulnerable targets more often than they are the product of a cogent political philosophy. On a particular day, hacktivists might target a big media company, such as Sony, because of its efforts to curb copyright infringement. But any day is apparently a good one to attack a government agency. PC Magazine’s Chloe Albanesius reports that the group Anonymous has vowed to carry on the work of LulzSec and said its data theft and outing efforts would primarily target “corrupt Governments (in our world this is all Governments) and corrupt companies."

2. Hackers love social networking, too.

Social networking is the new tool in the public relations-savvy hacker’s bag of tricks. The LulzSec Twitter feed had an impressive 283,000 followers by the time the group went silent, changing hacktivism forever, writes Damon Poeter in PC Magazine. “The final ingredient in the group's success was simple,” Poeter writes. “LulzSec delivered. During its 50-day run, LulzSec alerted the public to a high-profile hack, Web page defacement or site takedown about once every three to four days.”

3. Hacktivists are their own worst enemies.

Hacktivists are a boastful, egotistical bunch. They are also prone to professional jealousy. It doesn’t add up to a desirable profile for a stable professional life. “Their Achilles’ heel is they want attention,” Rob Rachwald, director of security strategy at Imperva, told Government Computer News’ William Jackson. However, the interest of law enforcement is not the only kind of attention hacktivists need to worry about attracting. Adam Martin of The Atlantic Wire put together a list of LulzSec detractors, ranging from an ex-military hacker to former LulzSec associates who have been trying to identify and publicize the group’s key members.

4. Some defensive responses will be easier than others.

Many of the hacktivists’ government victims have only themselves to blame because they should have assumed that they would be targets and because they did not have adequate defenses in place against well-known cyber threats, according to GCN’s Jackson. There is no good reason why those vulnerabilities cannot be addressed.

But developing policies and laws that protect free speech and association in the uncharted and highly combustible territory that is the Internet is a much trickier and complicated task. Greater government control of cyberspace will only further radicalize hacktivists and dampen the Internet’s potential as a tool for liberty, writes Loz Kaye, leader of Internet freedom advocacy group Pirate Party UK, in the Guardian. “We've reached a critical juncture: Either we sail headlong into escalating confrontation, or we attempt to change tack and reduce the tension by finding a democratic way forward,” Kaye writes.

That prospect makes installing a software security patch seem pretty easy by comparison, doesn’t it?

About the Author

John Zyskowski is a senior editor of Federal Computer Week. Follow him on Twitter: @ZyskowskiWriter.

The 2014 Federal 100

FCW is very pleased to profile the women and men who make up this year's Fed 100. 

Reader comments

Sun, Jul 24, 2011 Free The People

I came from that time when hacking was a way of just trying to better understand the system as a whole. Yes we had fun but we tried to find the holes and plug them only to find that once one hole was plugged it only lead to another hole. I suggest that if the C.I.A and F.B.I along with every other Federal agency that feels the need to put unbelievable vital to national security items on a sever that has threads to the public domains put themselves on a separate communications grid. Like let's say their beloved Internet 2. This way they can only point the finger at themselves when they get hacked and just leave us alone and let the private sector work out its problems this way the best man standing will be the one that is most secure and cost effective. The open attacks you have seen are not coming from rouge hackers. They really don't work that way. This is not a Bruce Willis movie. This is way to highly organized and well all roads lead to Rome. The next big attack will take down something dangerous and we will fear ourselves into letting the D.O.D control the net as we know it. When this happens just know this one bit of info. Water stations, Nuke Plants and so on are not linked into the grid period and that's a fact. The only way to get control of those systems is direct. Remember this as well the "Stuxnet Virus" was created by who? can't remember well here you go. http://www.infowars.com/confirmed-stuxnet-was-fal...

Fri, Jul 8, 2011 Jack A.

It should be noted that Pirate Party UK is not an "Internet freedom advocacy group" but a political party registered with the Electoral Commission in the UK, although it does indeed advocate Internet freedom.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above