The hacks keep on coming. Continuing to virtually thumb its nose at cybersecurity experts and law-enforcement agencies, LulzSec has claimed credit for penetrating more secret sites as it appeared to join forces with the Anonymous group.
The hackers, who communicate with the public primarily through Twitter and their own web site, said they and Anonymous will launch Operation Anti-Security to expose weaknesses in the systems of banks, government agencies, and others.
In the Public Interest?
LulzSec, which derives its name from LOLs and security, insists it's trying to do the world a favor by pointing out that most cybersecurity is not only inefficient but "drab," and presents its work as all too easy. Last week it posted what it said was thousands of stolen log-in profiles from e-mail servers. Anonymous is a group of loosely organized hacktivists that recently claimed credit for attacking MasterCard and Visa and was accused by Sony of indirect involvement in the hacking of its PlayStation Network.
On Monday LulzSec called on the public to join Operation Anti-Security.
"Operation Anti-Security is in effect," said the group, which often uses naval terminology. "Join the fleet and tear the government and whitehat peons limb from limb -- #antisec winds are strong." Earlier, it said, "The Lulz Boat is at the forefront of the lizard battle fleet. Board your vessels and follow us into war; welcome to anti-security. #antisec."
LulzSec's campaign began in May as it launched attacks on gaming sites and then stepped up its campaign this month to target the U.S. Senate, the CIA, and FBI, claiming to have infiltrated their systems and posted stolen data on its web site.
Its latest trophy is Britain's Serious Organized Crime Agency. "Tango down -- soca.gov.uk -- in the name of #AntiSec," the group tweeted, using a military term for the elimination of an enemy.
U.K.-based Sophos reported on its Naked Security blog that SOCA's web site was sporadically inaccessible on Thursday, the apparent result of a denial-of-service attack.
Fifteen Fat Men and a Revolving Door
"As I've explained before -- a denial-of-service attack is a bit like "15 fat men trying to get through a revolving door at the same time," wrote Graham Cluley of Sophos. "A Web site becomes so flooded with unwanted traffic that genuine visitors to the site find it difficult, or impossible, to get through."
"Their techniques are developing cumulatively as they build on each other," said Prof. Alan Paller of the cybersecurity training school SANS Institute in Bethesda, Md. "The good guys are far too dependent on products and are not sharing techniques as they should."
An anti-hacking site, Web Ninjas, has posted the photo of a man it said is behind LulzSec, saying it knows his name and location but isn't publishing it.
The attacks come as the Obama administration has been pushing Congress to crack down on hackers with laws enabling law enforcement to impose tougher penalties.
The president wants to double penalties for attacks that may threaten national security from 10 to 20 years in prison, offer incentives for companies to improve their cybersecurity, and allow the Department of Homeland Security to review private network security systems to see if security measures are adequate.