Friday, June 24, 2011

LulzSec uncovered: are these the names and roles of the members?


The group behind LulzSec has never made its intentions clear – apart from a website which proclaims that "we have now taken it upon ourselves to spread fun, fun, fun, throughout the entire calender [sic] year."
However Tal Be'ery, lead web researcher at Imperva, has put together a profile of LulzSec based on their own work, plus some information that is publicly available.
• LulzSec seems to be a spin-off of a group of hackers from the "Anonymous" organization.
• They hacked HBGary and Gawker under the umbrella of the Anonymous group, but then decided to create their own "gig". Why? Probably to be independent.
• The supporting evidence for that is that the same nicks [nicknames] are used in both Anonymous hacking-related discussions (early 2011) and LulzSec (mid 2011).
• They communicate mainly via private IRC channels – and publish via Twitter and Pastebin.
• They mostly use web application vulnerabilities: they used SQL injection to hack PBS and (one of) the Sony hacks (against Sony Pictures).
• They also use an automated tool, called Havij, to harvest databases, as we can see from the leaked PBS hack screenshots.
The group is small – fewer than 10 or so. (This is confirmed separately by security researcher Rik Ferguson of Trend Micro, who comments that "it seems to be a tight-knit group – it only needs to be a few people, since all they need is a Twitter account and a web page. There's no evidence that they're a particularly sophisticated group.")
The members, according to Imperva:
• "Sabu" – HBGary hacker. Seems to be the leader.
• "Nakomis" – Coder, rumoured to be one of the coders of the phpBB bulletin board.
• "Topiary" – Handles finance, such as donations and payment for services (e.g. botnets).
• "Tflow" – Hacker. (Rumoured.)
• "Kayla" – Hacker. Owns a big botnet.
• "Joepie91" – Website admin.
• "Avunit" – No more detail.
From hacker discussion forums, it seems they might get arrested as soon as many "real world" details on their identities get revealed, suggests Tal Be'ery.
