LulzSec Says Goodbye with New Data Dump

LulzSec , the hacker group that has been a thorn in the side of major institutions ranging from Sony to the CIA, says it is going away -- but not quietly.

The group said late Saturday it would disband. In what it says is its final act of mayhem, it publicly unloaded a trove of documents containing a significant amount of compressed data.

"Our planned 50-day cruise has expired, and we must now sail into the distance...our crew of six wishes you a happy 2011," LulzSec says in its final message.

The group says it chose to end its campaign on Saturday because the day marked "something meaningful" to LulzSec. Saturday was the 108th anniversary of the birth of author George Orwell, who wrote classic novels including Animal Farm and 1984. LulzSec later appeared to confirm its affinity to Orwell by retweeting this message.

Before Saturday, LulzSec never officially announced that the group would disband after more than seven weeks of online antics. In fact, it had said previously it would continue hacking until its members were caught.

British police recently arrested a 19-year-old man named Ryan Cleary in relation to a recent LulzSec hack, but the group denies that Cleary was involved with the group's hacking activities. No other arrests have so far been made. The hacker group's goodbye message didn't mention Cleary's arrest.

Still, it's possible that group members were growing wary of the attention directed at them.

A variety of documents and blog posts have appeared online claiming to unmask the group's members, the Guardian recently published purported leaked records from a LulzSec IRC chat room and several news organizations have claimed to interview LulzSec members. Law enforcement around the globe is also hoping to have a chat with members of LulzSec.

LulzSec's latest data dump includes what appears to be purloined data from a variety of sources including AT&T, AOL, the U.S. Navy, NATO, a private investigation firm, the FBI and several gaming sites.

By far, the largest data trove is a compressed file containing nearly 600MB of internal AT&T data. The group also obtained what it says are a technical note from AOL; user names and passwords for employees of the investigative firm Priority Investigations; 12,000 user credentials from a NATO bookshop run by a third party; more than half a million logins for the online game Battlefield Heroes Beta; 200,000 user names and passwords from Hackforums.net; and a screenshot showing a defacement of a U.S. Navy job board. The final hacker trove also includes a variety of other data from gamer sites and corporate networks, according to online chatter and an index of the data posted by LulzSec.

It's not clear how much of the hacked data is genuine, but several organizations have already posted notices admitting to security compromises. NATO issued a statement saying it had been alerted to a "probable data breach from a NATO-related website operated by an external company." The site for Battlefield Heroes says it is investigating "an apparent security breach." AT&T declined to comment, while AOL was unavailable for comment.

Since May, LulzSec has carried out server raids and website attacks against a variety of targets, including Fox.com, the U.S. Senate, the CIA, Sony, the U.K.'s Serious Organised Crime Agency, the Arizona Department of Public Safety and PBS.

If LulzSec is gone for good, it's unclear if the law will one day catch up with them.

Connect with Ian Paul (@ianpaul) and Today@PCWorld on Twitter for the latest tech news and analysis.

Subscribe to the Security Watch Newsletter

Comments