X

Anonymous, LulzSec spawn hacker crew offshoots

With names like "LulzSec Reborn," "MalSec," and "SpexSec," hacking groups are cropping up in the wake of LulzSec arrests and Anonymous dissatisfaction.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
See full bio
Elinor Mills
4 min read
"LulzSec Reborn" may be neither LulzSec nor reborn, experts say.
"LulzSec Reborn" may be neither LulzSec nor reborn, experts say.

It's been three months since the arrest of a handful of people accused of conducting denial-of-service and other attacks on police and corporate networks as part of the notorious LulzSec hacking crew.

Yet rather than laying low following the arrests, hacker activists are still going strong and, in fact, regrouping, taking up the baton from the Lulz crew or citing dissatisfaction with the schizophrenic nature of all the various Anonymous operations. Suddenly, there is "LulzSec Reborn," "MalSec," and "SpexSec," fresh names for groups of malicious hackers using old techniques.

It's unknown if they are legitimate splinter groups with members of the old guard taking charge in a new direction, the way LulzSec was a spinoff of Anonymous. Or they could also just be wannabes hoping to exploit the maverick LulzSec name. On the Internet, no one knows you are a dog, especially if you call yourself "Anonymous."

"In our eyes, LulzSec is a disposable and reusable brand. Anyone within Anonymous can selectively pick it up or drop it as they need," said Brian Martin, founder of the Attrition.org security site who uses the handle "Jericho" and who has been studying Anonymous. "By doing so, they cash in on the name recognition, and specific actions that may not be affiliated with Anonymous can be done under this banner."

This weekend, someone using the "LulzSec Reborn" name and the LulzSec Love Boat ASCII graphic took credit for hacking TweetGIF, which allows people to share animated GIFs on Twitter. The group had claimed credit for hacking a military dating site back in March.

A group calling itself "SpexSec" posted on Pastebin this week the passwords and visa information of more than 200 suspected terrorists following the release of names, Social Security numbers, and birthdates of thousands of Tennessee residents earlier. Death and Taxes Magazine reports that SpexSec is comprised of two members of TeaMpoisoN, which collaborated with Anonymous on Operation Robin Hood last year. Scotland Yard claimed to have arrested several suspected members of TeaMpoisoN, which the group has denied.

And in April, a group called "MalSec," for "Malicious Security," released a video in the vein of Anonymous announcing its debut and discussing its differences with factions of Anonymous.

Related stories

This is the nature of hacking groups and large collectives of people who may agree on one cause and technique but not on others. They last awhile before they break up and form together in different bands, until those groups get arrested or go their own way.

Anonymous members leave the hive "if there is no organizing principle, if they grow frustrated that they are not having enough impact or are not satisfied with their investment of time or they're sick of trolling," said Josh Corman, director of security intelligence for Akamai, who has researched Anonymous along with "Jericho." "They'll do one really noble, principled Op and that same week there will be three or four aggressive ops that damage the brand."

Gabrielle Coleman, Wolfe Chair in Scientific and Technological Literacy at the Department of Art History & Communication Studies at McGill University in Quebec, believes LulzSec Reborn is LulzSec in name only. "I am almost 100 percent [certain] that the Antisec/LulzSec guys have nothing to do with the LSR [LulzSec Reborn] and in fact there is still a small crew of antisec/lulzsec guys in existence," she said in an e-mail.

With Anonymous, the family tree gets pretty complicated. For instance, the Anonymous team in the UK probably overlapped with Anti-Sec, according to Coleman. "Then Cab1n Cr3w was well and alive and kicking for a long time through that period (though they were also sort of making fun of Anti-sec). They did disband after all the arrests and rumors of informants have skyrocketed."

The sheer size and diversity of Anonymous participants ensures steady turnover. MalSec appears to have formed out of a desire by some Anons to distance themselves from the more erratic acts of some of their brethren.

"MalSec" says it won't be doing hacks that harm individuals like certain factions of Anonymous do.
"MalSec" says it won't be doing hacks that harm individuals like certain factions of Anonymous do.
"MalSec has new methods and ideas. We have witnessed aggressive hacks that included, the general public getting attacked, and credit card information being stolen," the MalSec video says. "We also have witnessed Anonymous supporters harming each other within the collective. Do you not see that this is a tactic to divide us and make us lose sight of our goals, of what is truly important? We cannot sit by idly and watch as our values are ripped away and disgraced. This is ineffective and counterproductive to achieving our goal. We do not wish to take from the people, or to harm them, but rather to empower them."

What the crew does not say is who their targets will be. I'm sure we'll find out soon enough.

Update 6:30 p.m. PT The "lulzboatR" Twitter account objected to the characterization of LulzSec Reborn in this article and pointed to an exclusive Softpedia interview with someone from the crew in March.