Around three months ago, five members of Anonymous spinoff hacker group LulzSec were arrested. Shortly afterwards, an FBI official declared “We’re chopping off the head of LulzSec.”
Maybe they did, but activist hackers are still using the LulzSec name, and they are pretty eager to prove they’re like the mythical Hydra – the sea serpent that grows two heads whenever you cut one off.
A report came out earlier last week that said a group calling itself LulzSec Reborn “posted about 10,000 Twitter usernames and passwords on Pastebi. The leaked Twitter accounts are from people who use TweetGif, a third-party app that lets users share animated GIFs.”
This isn’t the first case where LulzSec Reborn has claimed responsibility. Back in March, about three weeks after the initial LulzSec arrests, the Reborn group broke into ESingles’s (a military dating site) database, stole passwords, email addresses, and other information and put it up on Pastebin.
It has also been reported that Reborn isn’t the only group out there. Them and MalSec and SpexSec, two other groups, have been called “fresh names for groups of malicious hackers using old techniques.”
Nick Selby, the managing director of N4Struct and a Texas cybercrime investigator said this should be no surprise. “It’s certainly evidence that the threat is highly distributed, and the barrier to to entry for those wishing to engage in these kind of activities is low and plummeting each day,” he said.
Sophos’ senior security adviser Chris Wisniewski agrees. “As long as there are a lot of assets out there that are reasonably insecure, this will keep happening,” he said. “The Occupy movement may no longer be visible, but the 99% are still upset. The FBI may give some individuals who are risk-averse pause, but if some people are stopped, there will always be another to step into the role.”
The original LulzSec group was brought down nine months after arresting its leader Hector Xavier Monsegur, better known as Sabu. The FBI obtained information on the group from Sabu almost immediately after his arrest on June 7th, 2011. The group has been insistent on showing that even though they’ve been hurt, they’re not down and out for the count.
Jody Westby, an attorney and CEO of Global Cyber Risk said sadly, LulzSec has reason to boast. “The bad guys are winning every contest…We can’t win if we don’t fight — and right now, we’re not fighting enough.”