Who are the group behind this week's CIA hack?

The posting on Twitter was brief and to the point: “Tango down – cia.gov – for the lulz”. Barely a month seems to go by without some sort of high-profile hack attack making global headlines and June is turning out to be a cracking month for online mischief makers.

Late on Wednesday evening the public homepage of the CIA was briefly taken offline after it was targeted by LulzSecurity, the latest hactivist collective to spawn on the internet and leave a merry wake of destruction in its somewhat erratic path.

If the beginning of 2011 was dominated by Anonymous, the shadowy cyber network that launched a series of high profile web-protests in defence of WikiLeaks, the summer has been seized by LulzSecurity.

A relative newcomer to the hactivist scene, LulzSec (as they like to be known) have claimed successful hacks and disruption attacks against – among others – Sony, the NHS, Fox News, the US Senate, Pron.com and a string of online gaming communities. And all of this has happened in little more than a month.

It is often difficult to tell whether a website has been truly taken offline by a targeted assault or because the claim that a site has been compromised drives so much extra traffic towards it that it has to close. Either way, Wednesday’s short assault on the CIA’s public homepage is LulzSecurity’s most brazen act yet and may have earned them some particularly powerful enemies within America’s law enforcement community.

Who LulzSecurity are remains a closely guarded secret. Like Anonymous, the group is a disparate online network, made up of supporters around the world who collectively lend the combined power of their hard drives and hacking skills to pull-off eye-catching assaults.

But while Anonymous has something of a self-important political activist air about it – choosing targets that they are ideologically opposed to – LulzSecurity seems to be motivated by a more simplistic urge; the desire to have fun and cause a bit of mischief.

Their method of targeting is erratic and chaotic. While there appears to have been overly political attacks, such as the recent assaults on Sony, the CIA and the Senate website, LulzSecurity has no problem with trying to breach porn and gaming websites which could lead to a backlash from the online community.

Then there’s the movement’s figurehead – a fictional character with a dodgy French accent who goes by the name of Pierre Dubois.

On the same day that it attacked the CIA’s public page, LulzSecurity said it would begin taking requests from members of the public for where they should aim their next distributed denial of service (DDoS) attacks, a relatively simple and blunt disruption technique which takes a website temporarily offline by inundating its servers with requests for information.

The group posted a voicemail number for people to leave requests. Those phoning the Ohio based number would get a message, read out in a faux French accent, stating: "You have reached the whistle box of Pierre Dubois. We are not present right now because we are busy ruining your Internet. Leave a message, and we will get back to you whenever we can." LulzSecurity claims it has since temporarily taken down seven more sites using DDoS attacks requested by the public.

Taking requests is not necessarily new – Anonymous activists have long used chat boards to vote on who their next targets should be. But the fact that LulzSec opted for a comedy phone line testifies to the group’s eccentricity. The group’s website meanwhile invites followers to jump on board “The LulzBoat” accompanied to the theme music to the 70s American TV show, The Love Boat.

Generally security experts classify hackers into three categories. White-hat hackers are those who spend their days breaking into websites to deliberately expose their weaknesses, altruistically alerting a site’s owner before any damage can be done. The black-hats deliberately go out of their way to sabotage, steal data or install spy-ware for personal gain. And in the middle are the grey hats who do a bit of both.

Like Anonymous, LulzSecurity falls squarely into the grey camp. The group claims to be exposing security vulnerabilities in websites and organisations purely for "fun". But their willingness to dump the stolen data and details they uncover online pushes them towards the black hats.

The group’s largest heist occurred last month when it successfully broke into the website of Sony Pictures and made off with what they claimed were 1m user details including emails, passwords and addresses. Sony claimed the real figure was closer to 40,000 but the breach was deeply embarrassing for the Japanese tech giant which had only just begun to recover from a series of major data thefts that shutdown the entire Playstation Network for the best part of a month.

Most damning was the revelation that LulzSecurity’s followers used a relatively simple hacking technique known as an SQL injection to break into the Sony Pictures website and then came across huge tranches of customer information that was unencrypted.

“From a single injection, we accessed EVERYTHING,” boasted a LulzSec post on its website. “Why do you put such faith in a company that allows itself to become open to these simple attacks?”

There are theories that LulzSec could be an offshoot of Anonymous, possibly old hands who grew weary of Anonymous’ increasingly political grandstanding and wanted to get back to making mischief. They certainly share Anonymous’ loathing of Sony but LulzSec’s Twitter feed is filled with exhortation to go harass and annoy Anonymous supporters in an online trolling campaign.

As to whether LulzSecurity poses a threat or not, the security community remains somewhat divided.

"While some people think this is a fun game that can also help point out corporate security weaknesses, the truth is that companies and innocent customers are - in the worst cases - having their personal data exposed," said Graham Cluley, senior technology consultant at Sophos. "There are responsible ways to inform a business that its website is insecure, or that it has not properly protected its data. What's disturbing is that so many internet users appear to support LulzSec."

Josh Corman, research director at The 451 Group, an IT analysis and research firm, told BankInfoSecurity.com website that while LulzSecurity have quickly morphed into a formidable menace, their abiding philosophy is making mischief rather than causing damage.

"These are ideological insiders that have access; this is more like Fight Club; they do your laundry, they work in the mailroom," he said. "This is a whole counterculture thing; especially in a time when people feel powerless. They find this empowering."

Suggested Topics
Start your day with The Independent, sign up for daily news emails
Arts and Entertainment
The Doctor and Clara have their first real heart to heart since he regenerated in 'Deep Breath'
Life and Style
Apple showed no sign of losing its talent for product launches with the new, slightly larger iPhone 6 making headlines
techSecurity breaches and overhyped start-ups dominated a year in which very little changed (save the size of your phone)
Arts and Entertainment
Jamie Oliver
filmTV chef Jamie Oliver turned down role in The Hobbit
The official police photograph of Dustin Diamond taken after he was arrested in Wisconsin
peopleDownfall of the TV star charged with bar stabbing
Have you tried new the Independent Digital Edition apps?
ebooksA year of political gossip, levity and intrigue from the sharpest pen in Westminster
Arts and Entertainment
Jeremy Clarkson, left, and Richard Hammond upset the locals in South America
tvReview: Top Gear team flee Patagonia as Christmas special reaches its climax in the style of Butch and Sundance
Ashley Barnes of Burnley scores their second goal
footballMan City vs Burnley match report
Arts and Entertainment
Peter Mayhew as Chewbacca alongside Harrison Ford's Han Solo in 'Star Wars'
Arts and Entertainment
Man of action: Christian Bale stars in Exodus: Gods and Kings
Arts and Entertainment
Tracy Emin's 1998 piece 'My Bed' on display at Christie's
artOne expert claims she did not
Arts and Entertainment
Catherine (Sarah Lancashire) in Happy Valley ((C) Red Productions/Ben Blackall)
Hackers revealed Oscar-winning actress Lawrence was paid less than her male co-stars in American Hustle
Arts and Entertainment
Clueless? Locked-door mysteries are the ultimate manifestation of the cerebral detective story
booksAs a new collection of the genre’s best is published, its editor explains the rules of engagement
Robin van Persie is blocked by Hugo Lloris
footballTottenham vs Manchester United match report
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating

By clicking 'Search' you
are agreeing to our
Terms of Use.

iJobs Job Widget
iJobs General

Recruitment Genius: Business Manager

£32000 - £40000 per annum: Recruitment Genius: A Business Manager is required ...

Recruitment Genius: Operations Manager

£45000 - £55000 per annum: Recruitment Genius: This is an exciting opportunity...

Recruitment Genius: Panel & Cabinet Wireman

£20000 per annum: Recruitment Genius: Panel Wireman required for small electro...

Recruitment Genius: Electronics Test Engineer

£25000 - £27000 per annum: Recruitment Genius: An SME based in East Cheshire, ...

Day In a Page

A timely reminder of the bloody anniversary we all forgot

A timely reminder of the bloody anniversary we all forgot

Who remembers that this week we enter the 150th anniversary year of the end of the American Civil War, asks Robert Fisk
Homeless Veterans appeal: Former soldiers pay their respects to a friend who also served

Homeless Veterans appeal

Former soldiers pay their respects to a friend who also served
Downfall of Dustin 'Screech' Diamond, the 'Saved By The Bell' star charged with bar stabbing

Scarred by the bell

The downfall of the TV star charged with bar stabbing
Why 2014 was a year of technological let-downs

Why 2014 was a year of technological let-downs

Security breaches and overhyped start-ups dominated a year in which very little changed (save the size of your phone)
Cuba's golf revolution: But will the revolutionary nation take 'bourgeois' game to its heart?

Will revolutionary Cuba take 'bourgeois' golf to its heart?

Fidel Castro ridiculed the game – but now investment in leisure resort projects is welcome
The Locked Room Mysteries: As a new collection of the genre’s best is published, its editor Otto Penzler explains the rules of engagement

The Locked Room Mysteries

As a new collection of the genre’s best is published, its editor explains the rules of engagement
Amy Adams on playing painter Margaret Keane in Tim Burton's Big Eyes

How I made myself Keane

Amy Adams hadn’t wanted to take the role of artist Margaret Keane, because she’d had enough of playing victims. But then she had a daughter, and saw the painter in a new light
Ed Richards: Parting view of Ofcom chief. . . we hate jokes on the disabled

Parting view of Ofcom chief... we hate jokes on the disabled

Bad language once got TV viewers irate, inciting calls to broadcasting switchboards. But now there is a worse offender, says retiring head of the media watchdog, Ed Richards
A look back at fashion in 2014: Wear in review

Wear in review

A look back at fashion in 2014
Ian Herbert: My 10 hopes for sport in 2015. Might just one of them happen?

Ian Herbert: My 10 hopes for sport in 2015

Might just one of them happen?
War with Isis: The West needs more than a White Knight

The West needs more than a White Knight

Despite billions spent on weapons, the US has not been able to counter Isis's gruesome tactics, says Patrick Cockburn
Return to Helmand: Private Davey Graham recalls the day he was shot by the Taliban

'The day I was shot by the Taliban'

Private Davey Graham was shot five times during an ambush in 2007 - it was the first, controversial photograph to show the dangers our soldiers faced in Helmand province
Revealed: the best and worst airlines for delays

Revealed: the best and worst airlines for delays

Many flyers are failing to claim compensation to which they are entitled, a new survey has found
The stories that defined 2014: From the Scottish independence referendum to the Ice Bucket Challenge, our writers voice their opinions

The stories that defined 2014

From the Scottish independence referendum to the Ice Bucket Challenge, our writers voice their opinions
Stoke-on-Trent becomes first British city to be classified as 'disaster resilient' by the United Nations

Disaster looming? Now you know where to head...

Which British city has become the first to be awarded special 'resilience' status by the UN?