Activism and ‘Lulz’ Motivate Latest Rash of Hacks
Two prominent hacker groups, Anonymous and LulzSec, have ignited increasing concern over computer security by staging spectacular attacks and data heists against large corporations and government websites. The two groups have pulled off more than 30 attacks in the past two months, taking down websites belonging to the U.S. Senate and the CIA, humbling the gargantuan company Sony, and compromising nearly 2 million user logins and IDs across the Web.
Security experts warn that the hacks will continue thanks to a reemergence of predominantly young male computer users attracted to hacking for a cause and swapping bragging rights about their exploits online. So far, most members of the two hacking groups have remained in the shadows. The groups have no central leadership and no formal structure. (LulzSec officially disbanded in June.) Security experts describe groups such as Anonymous as an "idea," not a group.
Despite the lack of hacker organization, law enforcement hasn't stopped trying to put an end to hack attacks. Law enforcement in the United Kingdom, the Netherlands, Spain, Turkey, and the United States have made dozens of arrests and conducted searches as part of various hack attack investigations. For example, in late June, U.K. police arrested 19-year-old Ryan Cleary, who is accused of distributing tools to build a botnet that LulzSec used to attack the U.K. Serious Organised Crime Agency (SOCA).
Perfect Storm for Hack Attacks
Reformed hacker turned private security consultant Michael Calce says a combination of bad security, the availability of easy-to-use and increasingly sophisticated hacker toolkits, and social networking sites create a perfect storm for many of today's hackers.
"When I was hacking, it was about testing the status quo, ego, and who's the best hacker," Calce says. "Today, it's about monetary gain or activists trying to make a point." Under his online alias "Mafiaboy," Calce was responsible for a string of denial-of-service attacks in 2000 that crippled the websites of Amazon, CNN, Dell, eBay, Etrade, and Yahoo. Calce has since written a book about his exploits that is due to come out in the United States this August.
From Ego to Hack-tivism
Calce says today's hacks have a familiar flair but lack the ego-driven chest-beating of individual hackers he remembers circa 2000. Today's hackers still use online personas such as Sabu and Topiary, but the majority operate under umbrella organizations such as Anonymous, AntiSec, Gnosis, LulzSec ('lulz' is online slang for 'laughs' and 'Sec' stands for security), and Script Kiddies. Their objectives, it's believed, are to raise awareness about security issues and protest what it views as wrong.
Last December, Dutch authorities arrested 19-year-old Martijn Gonlag, who is believe to be part of the Anonymous hacking group. Gonlag was arrested for what he told authorities was a "digital sit-in" when he hacked computer systems, claiming it was in support of WikiLeaks.
Before that, Sony was hit in a string of attacks by hackers who stole 100 million online video-game users' personal data. The attacks were sparked by what hackers say was heavy-handed legal action against George Hotz, who was accused of jailbreaking a Sony PlayStation console.
The roots of these attacks and other so-called hacktivist actions date back to 2008 when Anonymous attacked the Church of Scientology to protest the religious group's attempt to control information about itself online.
Since LulzSec broke up, members of the group and others have formed a new hacker collective of sorts called AntiSec that as recently as June 30 dumped names, addresses, email mssages, and other personal data belonging to Arizona state police. Then, on July 4, another group calling itself the Script Kiddies took over a Fox News Twitter account and falsely reported that President Obama had been shot and killed. The following day, Anonymous and members of the AntiSec hacker group released hacked data from the Florida voting system and personal details of Orlando-area Democrats. Perhaps this was the best the hackers could do to fulfill their promise to retaliate against the June 6 arrest of members of Food Not Bombs in Orlando.
Next: How hackers work the media, and more.