In the past 30 days its targets have run the gamut from PBS to Sony to the CIA, and LulzSec has recently set its sights on Anonymous itself. So what makes LulzSec different from Anonymous, and from more typical cyber criminals and spies?
Without looking inside their heads, we can only speculate about the LulzSec hackers’ motivations. But there are a few things we can deduce.
They don’t seem to be motivated by money, as hackers increasingly seem to be. Hackers who seek to profit often do so by stealing credit card numbers and selling them on the black market, or through extortion by threatening gambling and other sites with denial of service attacks unless they pay for protection. LulzSec are also clearly not spies like the likely state-sponsored hackers who last month stole cryptographic keys from security firm RSA then used them to pilfer data from defense contractor Lockheed Martin.
(LIST: Most Memorable Hacking Moments)
If they’re not cyber thieves or spies, that seems to leave one option: hacktivism, or politically motivated hacking.
As of late, Anonymous has clearly fit that description, having come to mainstream prominence after it attacked PayPal, Visa, Amazon, and other companies that cut off service to WikiLeaks following the release of State Department cables late last year. Since then, Anonymous has targeted Iranian and Tunisian government websites, attacked Sony’s website in retaliation for a lawsuit against PS3 modder George Hotz, and most recently are seeking Federal Reserve Chairman Ben Bernanke’s resignation. But it wasn’t always this way.
The Emergence of Anonymous
Anonymous grew out of the riotous and rollicking online forum 4chan, from which many of the Internet’s memes—from lolcats to Chocolate Rain—have emerged. If you don’t enter your name when you post a message to 4chan (and no one ever does), the post is simply attributed to the default name, “Anonymous.” The fast-paced conversation on the site leads to an emergent mind collectively known as Anonymous.
This collective mind, and especially that of the /b/ message board, tends to have a jovially nihilistic worldview, seeking not much more than amusement, an escape from boredom, often at the expense of others. Asked why they do something, an “Anon” will likely reply that they “do it for the lulz,” which is a corruption of LOL—”laughing out loud.” They love pranks, evidenced by the Rickrolling phenomenon, which was born on /b/.
Like the Tea Party or Al Qaeda, Anonymous is a “starfish” organization. This means that while there may be some titular heads, any number of cells or individuals can operate under its banner. Anonymous is in this sense a large, amorphous, and disparate group of persons around the world—from novice “script kiddies” to expert hackers—who lend their talents and computing power to consensus schemes hatched on 4chan or other online hangouts.
These often include raiding and causing havoc among the unsuspecting denizens of other online forums, or flooding YouTube with porn disguised as children’s videos. Increasingly, however, Anonymous’ campaigns have tended to eschew the “lulzy” for the self-righteously political, culminating in this week’s preoccupation with the Fed.
“We Do It for the Lulz”
LulzSec (short for “Lulz Security”), as its name implies, seems to be a throwback to the original spirit of doing things simply “for the lulz.” Some characterize this attitude as anarchistic, but it could also be seen as existentialist or nihilistic. Faced with the reality of an absurd world without intrinsic meaning, some choose to approach life as “performance art” to give it meaning. LulzSec’s actions seem to fit this pattern.
Instead of preachy manifestos, they issue comical press releases. One of their first high-profile breaches was against PBS.org where they planted a fake news story reporting that Biggie Smalls and Tupac Shakur where alive and well and living in New Zealand.
The group’s active Twitter feed, decorated with Nyan cat and their monocled mascot, is often a stream of absurdist or surreal humor, with tweets such as, “You are a peon and our Freemason lizard rebellion will propel us towards binary stars of yore, you sweaty caterpillar farm,” and, “Mankind should tremble as the SSH key to your neuron load balancers are used as a pathway to the chemical exhilaration of entertainment.”
The group’s website plays the theme to The Love Boat and invites visitors to sing along to modified lyrics about “The Lulz Boat.” Pressing the mute button to stop the music only increases its volume.
They have even set up a seemingly untraceable telephone number where they sometimes take calls, and have a voicemail message where the group’s ostensible leader greets callers in a fake French accent saying: “You have reached the whistle box of Pierre Dubois. We are not present right now because we are busy ruining your Internet. Leave a message, and we will get back to you whenever we can.”
From all indications, their motivations are cheeky thrills, not fortune. In a failed marketing stunt last week, computer security firm Black & Berg challenged hackers to modify the image on their homepage if they could, and offered a $10,000 prize and a job to anyone able to do so. LulzSec did it in no time, posting their monocled mascot and writing “DONE, THAT WAS EASY. KEEP YOUR MONEY WE DO IT FOR THE LULZ.”
Why So Serious?
Absurdist performance art can be destructive, however. As some have pointed out, the literary analogy that must be made is to the character of the Joker, played by Heath Ledger in The Dark Knight). His only motivation in the film seems to be pushing Batman’s buttons. This is something the caped crusader can’t understand, and in a pivotal scene Batman’s trusty butler Alfred, played by Michael Caine, explains:
Alfred: A long time ago, I was in Burma, my friends and I were working for the local government. They were trying to buy the loyalty of tribal leaders by bribing them with precious stones. But their caravans were being raided in a forest north of Rangoon by a bandit. So we went looking for the stones. But in six months, we never found anyone who traded with him. One day I saw a child playing with a ruby the size of a tangerine. The bandit had been throwing them away.
Bruce Wayne: Then why steal them?
Alfred: Because he thought it was good sport. Because some men aren’t looking for anything logical, like money. They can’t be bought, bullied, reasoned or negotiated with. Some men just want to watch the world burn.
This raises the question, who is the rule-bound and moralistic Batman in the analogy? Is it the corporate and governmental authorities LulzSec has attacked? Or might it even be Anonymous itself, which LulzSec has begun to antagonize.
Not So Simple?
Some think there’s more to it than LulzSec lets on.
Adrian Chen, a Gawker writer who’s been following the group and raising their heckles recently tweeted, “I want to know how much @lulzsec is making off all this. Don’t really buy that it’s all for the lulzs.”
And one of LulzSec’s victims, Karim Hijazi of security startup Unveillance, has claimed the group tried to extort him. LulzSec denies it, telling Hijazi in a statement that they were “simply going to pressure you into a position where you could be willing to give us money for our silence, and then expose you publicly.”
“Though it is clear that Anon’s operations have been politically motivated, I don’t think that LulzSec’s motivations are as simple as just causing chaos,” says University of Utah cyberconflict researcher Sean Lawson. “I think there’s more to it than that.”
One of LulzSec’s motives, Lawson says, is pointing out hypocrisy by government and corporate actors. For example, LulzSec this week broke into the Senate’s website and published administrative account information, asking if that was considered an Act of War as the Pentagon had recently suggested such breaches would be.
“With the Senate.gov hack and their mocking response, they are clearly making a statement which says that such threats by the U.S. are ridiculous and hypocritical when government systems are so poorly protected,” Lawson says. “In the case of their specific hacks of white-hat, cybersecurity industry players like Unveillance, I think they are saying, ‘You’re not as good as you think you are; you’re failing your customers and have been selling bogus solutions.’”
Whatever their motivation, their recent attacks on FBI affiliates, the Senate, and the CIA show LulzSec is increasingly like the fearless honey badger who doesn’t give a damn. They are not only in the sights of the government, but now in Anonymous’ as well, after the group targeted 4chan and some of the Anons’ favorite video game sites.
Unsurprisingly, LulzSec downplays the situation via Twitter: “Saying we’re attacking Anonymous because we taunted /b/ is like saying we’re going to war with America because we stomped on a cheeseburger.”
As we see in the Joker, someone so seemingly reckless and with apparently nothing to lose makes for a formidable opponent. Later in The Dark Knight, there is this exchange between Alfred and Bruce Wayne:
Bruce Wayne: The bandit, in the forest in Burma, did you catch him?
Bruce Wayne: How?
Alfred: We burned the forest down.
Let’s hope it doesn’t come to that online.