THE STUDY JUNE 14, 2011
The hacking group Lulz Security has made a mockery of internet security this past month, hacking into and stealing data from a number of company and government networks, including Fox, the United States Senate, and an FBI affiliate. Just today, the group has hit the servers of a gaming magazine and three hugely popular online games. (That's a daring move, frankly, given that the online gaming population is significantly more skilled with computers than the population at large.) Fortunately for the "hackees," though the breaches are embarrassing and inconvenient, LulzSec doesn't appear to be hacking for illicit profit. Their attacks have fallen into two categories: ideological--as when they hacked PBS and put up a fake "Tupac Still Alive" story in retaliation for what the group felt was a biased documentary about Wikileaks founder Julian Assange--and informational, as when LulzSec hacked EVE Online to highlight its security flaws. Plus, for what it's worth, the group's Twitter feed and public statements are pretty funny. As one blogger put it, LulzSec wants to "improve the state of security and have fun by pulling everyone's pants down."
By hacking for entertainment rather than profit, LulzSec is part of a larger trend. Trustwave SpiderLabs, which runs the Web Hacking Incident Database, releases semiannual reports chronicling trends in hacking. In their report on the first half of 2010, the report's authors calculated that over 25% of all hacking incidents resulted in malicious software being planted (generally to steal personal data such as credit card numbers) or direct monetary loss. The authors warned in their conclusion of "an increased focus by professional criminals to launch combination attacks with the ultimate goal of making money." In the second half of 2010, though, that number fell to 13%, while hacking to deface sites or temporarily take them offline (actions rarely, if ever, done for profit) grew from 30% of all cases in the first half of the year to 48%. Given the success of Lulz Security, the trend shows no signs of slowing down.