Group releases statement declaring that its whirlwind run of headline-grabbing exploits, involving the likes of Sony, the CIA, the U.S. Senate, and FBI partner Infragard, is coming to an end.
Edward MoyerSenior Editor
Edward Moyer is a senior editor at CNET and a many-year veteran of the writing and editing world. He enjoys taking sentences apart and putting them back together. He also likes making them from scratch. ¶ For nearly a quarter of a century, he's edited and written stories about various aspects of the technology world, from the US National Security Agency's controversial spying techniques to historic NASA space missions to 3D-printed works of fine art. Before that, he wrote about movies, musicians, artists and subcultures.
Ed was a member of the CNET crew that won a National Magazine Award from the American Society of Magazine Editors for general excellence online. He's also edited pieces that've nabbed prizes from the Society of Professional Journalists and others.
After a whirlwind run of headline-grabbing hacking exploits that involved the likes of Sony, the CIA, the U.S. Senate, and FBI partner Infragard, hacking group LulzSec is apparently--and suddenly--calling it quits.
The group, which cropped up on many people's radar for the first time just last month, sent a tweet late today with a link to a document on Pastebin declaring that the group's run of cybermischief was coming to an end.
"It's time to say bon voyage," the statement reads. "Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind--we hope--inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere." (You can read the complete text of the statement below.)
The group also linked to a final cache of stolen information, which, according to a report in the International Business Times, includes data from AT&T and AOL, among others. Twitter user @Complex posted a link to a screenshot purportedly from the data dump, which shows what looks like a defaced U.S. Navy civilian-careers Web page (see below). LulzSec had said Thursday, after leaking what it called sensitive documents from the Arizona Department of Public Safety, that it would be "releasing more goods" on Monday.
LulzSec's apparent disbanding comes just days after a 19-year-old identified as Ryan Cleary was arrested in the U.K. in connection with a series of distributed denial-of-service (DDoS) attacks said to have been the handiwork of the group. LulzSec has denied that Cleary is one of its key associates, though it has acknowledged that he hosts "one of our many legitimate chat rooms on his IRC server."
The news also follows a public spat between LulzSec and another hacking group, TeaMp0isoN. The two groups claimed to have attacked each other's servers and threatened to expose rival members. On Wednesday, someone released information purportedly exposing the identity of a key member of LulzSec who goes by the nickname "Sabu."
And on Friday, British newspaper the Guardian published Internet Relay Chat logs it said were leaked from a private LulzSec chat room. In the logs, Sabu warns others to be careful who they talk to about the group's activities. "You realize we smacked the FBI today," Sabu says in the logs. "This means everyone in here must remain extremely secure."
TeaMp0isoN apparently took a swipe at LulzSec today, after the news of the latter's demise, tweeting, "see unlike @lulzsec, our movement dosent have an expiry date....we wont ever backdown, this means a lot to us, time for a manifesto."
In it for the 'lulz'? LulzSec first came to notice in May, when it touted its hacking of the Web site for a Fox TV show called "X Factor" and published personal information on the contestants, along with internal Fox data.
The group initially said it was more or less just having a laugh. (Its name conflates the word security with the expression "lol"--which some pronounce as "lull" and which, of course, is the abbreviation for "laugh out loud" that countless Net users and texters have appended to messages to express their appreciation of an especially funny remark.)
More recently, however, the group took on a more hacktivist bent and may have turned up the rhetoric a few too many notches. It formed an alliance with Anonymous in which, it said, the main goal was "to steal and leak any classified government information...Prime targets are banks and other high-ranking establishments. If they try to censor our progress, we will obliterate the censor with cannonfire anointed with lizard blood." The first target of this "Operation Anti-Security"--or "AntiSec"--was a U.K. law-enforcement agency dedicated to fighting organized crime. The resulting DDoS attack against the agency is one of the crimes with which Cleary is being charged.
Critics point out that the data LulzSec has released has exposed many to identity theft. And one individual has claimed that the group tried to extort him, though LulzSec claims that the exchanges it had with this person simply led to a misunderstanding. Most recently, and perhaps most seriously, the Arizona Department of Public Safety expressed concern over the safety of its officers following a LulzSec leak of departmental data.
In any case, if today's statement is to be believed, LulzSec's hacking days have come to an end. And it's not entirely clear why. Perhaps, as the purported chat-room remark from Sabu suggests, the group, despite its brashness, was not immune to a case of the nerves.
Last week, the group sent out its 1,000th tweet, which included a link to a manifesto of sorts. In it, LulzSec made it clear that it was aware of the dangers it faced. "We've been entertaining you 1000 times with 140 characters or less," the document reads, "and we'll continue creating things that are exciting and new until we're brought to justice, which we might well be."
It seems, having not yet been nailed (with the exception, perhaps, of Cleary), the group has called things off a bit prematurely--though it remains to be seen if they've gotten out of the game soon enough.
The full text of the LulzSec statement follows:
Friends around the globe,
We are Lulz Security, and this is our final release, as today marks something meaningful to us. 50 days ago, we set sail with our humble ship on an uneasy and brutal ocean: the Internet. The hate machine, the love machine, the machine powered by many machines. We are all part of it, helping it grow, and helping it grow on us.
For the past 50 days we've been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could. All to selflessly entertain others - vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love. The raw, uninterrupted, chaotic thrill of entertainment and anarchy. It's what we all crave, even the seemingly lifeless politicians and emotionless, middle-aged self-titled failures. You are not failures. You have not blown away. You can get what you want and you are worth having it, believe in yourself.
While we are responsible for everything that The Lulz Boat is, we are not tied to this identity permanently. Behind this jolly visage of rainbows and top hats, we are people. People with a preference for music, a preference for food; we have varying taste in clothes and television, we are just like you. Even Hitler and Osama Bin Laden had these unique variations and style, and isn't that interesting to know? The mediocre painter turned supervillain liked cats more than we did.
Again, behind the mask, behind the insanity and mayhem, we truly believe in the AntiSec movement. We believe in it so strongly that we brought it back, much to the dismay of those looking for more anarchic lulz. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us. The support we've gathered for it in such a short space of time is truly overwhelming, and not to mention humbling. Please don't stop. Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.
So with those last thoughts, it's time to say bon voyage. Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind - we hope - inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere.
Thank you for sailing with us. The breeze is fresh and the sun is setting, so now we head for the horizon.
Let it flow...
Lulz Security - our crew of six wishes you a happy 2011, and a shout-out to all of our battlefleet members and supporters across the globe
CNET's Elinor Mills and Jon Skillings contributed to this report.