staff and news service reports
updated 6/25/2011 10:34:15 PM ET 2011-06-26T02:34:15

After 50 days of wreaking cyber-caper havoc, Lulz Security says it's done and will sail into the horizon.

The group has stolen mountains of personal data in a dozen different hacks, embarrassing law enforcement on both sides of the Atlantic while boasting about the stunts online.

The group's disbandment comes unexpectedly, and could be a sign of nerves in the face of law enforcement investigations. Rival hackers have also joined in the hunt, releasing information they say could point to the identities of the six-member group. One of the group's six members was interviewed by The Associated Press on Friday, and gave no indication that its work was ending.

LulzSec made its name by defacing the site of the U.S. Public Broadcasting Service, or PBS, with an article claiming that rapper Tupac Shakur was still alive. It has since claimed hacks on major entertainment companies, FBI partner organizations, a pornography website and the Arizona Department of Public Safety, whose documents were leaked to the Web late Thursday.

But at midnight GMT (7 p.m. EDT) Saturday, the group announced its final release.

"For the past 50 days we've been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could," the LulzSec statement said. "All to selflessly entertain others — vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love. The raw, uninterrupted, chaotic thrill of entertainment and anarchy."

"While we are responsible for everything that The Lulz Boat is, we are not tied to this identity permanently," the group said.

Hacking group has its own hackers — and hubris

The group thanked supporters for sailing with it.

"The breeze is fresh and the sun is setting, so now we head for the horizon."

As a parting shot, LulzSec released a grab-bag of documents and login information apparently gleaned from gaming websites and corporate servers. The largest group of documents — 338 files — appears to be internal documents from AT&T Inc., detailing its buildout of a new wireless broadband network in the U.S. The network is set to go live this summer. An AT&T spokesman could not immediately confirm the authenticity of the documents.

LulzSec, whose name draws on Internetspeak for "laughs," has about 270,000 followers on the messaging site Twitter. Although LulzSec has declined interview requests, it has laid out its prankster philosophy in "tweets" and press releases.

"Vigilantes? Nope. Cyber terrorists? Nope. We have no political motives — we do it for the lulz," the group said in a message sent shortly after it emerged in early May.

LulzSec's Twitter mascot is a black-and-white cartoon dandy that looks like a cross between Mr. Peanut and The New Yorker magazine's monocle man. Its rambling messages are peppered with references to YouTube sensation Rebecca Black, the Dungeons and Dragons role playing game and tongue-in-cheek conspiracy theory.

Many attacks have yielded sensitive information including usernames and passwords — nearly 38,000 of them, in the case of Sony Pictures. Others appear to have been just for kicks. In a stunt last week, LulzSec directed hundreds of telephone calls to the customer service line of, a New Jersey-based manufacturer of custom refrigerator magnets.

LulzSec's actions against government and corporate websites are reminiscent of those taken by the much larger, more amorphous group known as Anonymous. That group has launched Internet campaigns against the music industry, the Church of Scientology, and Middle Eastern dictatorships, among others.

LulzSec hacks Arizona law enforcement info

On Tuesday, 19-year-old Ryan Cleary was arrested as part of a joint FBI-Scotland Yard investigation into hackings linked to both LulzSec and Anonymous.

British Police Commissioner Paul Stephenson described Cleary's arrest as "very significant," although LulzSec has shrugged off the development amid claims of independence and promised more spectacular hacks.

Cleary, accused of bringing down the website of the Serious Organized Crime Agency (Soca), has been diagnosed with Asperger's syndrome, a court has heard, according to a report in the Guardian newspaper of London.

His lawyer told District judge Nicholas Evans in Westminster magistrates court on Saturday that Cleary has the form of autism, along with agoraphobia, and that Cleary's condition had been diagnosed by a psychologist.

Cleary did not enter a plea to the five offenses Criminal Law and Computer Misuse Act charges he faces. He was granted bail but remained in custody after prosecutors objected. An appeal will be heard at Southwark crown court on Monday.

A timeline of Lulz Security's international hacking spree:

Early May: LulzSec sets up shop on Twitter and claims its first series of hacks, leaking what it says is a database of "X Factor" contestants and attacking

May 30: LulzSec breaks into the website of the U.S. Public Broadcasting Service, or PBS, posting a phony story claiming that dead rapper Tupac Shakur is actually alive in New Zealand. The hack came after the broadcaster aired a documentary seen as critical of WikiLeaks founder Julian Assange. PBS's ombudsman defends the program's treatment of Assange as "tough but proper."

June 2: LulzSec announces that it has broken into Sony Pictures Entertainment, posting the usernames, passwords, email addresses and phone numbers of tens of thousands of people, many of whom had given the company their information for sweepstakes draws. The group said it had compromised about 1 million accounts but could only leak a small selection. Sony calls in the FBI.

June 3: The hackers strike again, this time announcing that they've stolen about 180 passwords from the Atlanta chapter of an FBI partner organization called InfraGard. The group also claims to have used one of the passwords to steal nearly 1,000 emails from Unveillance LLC, an Internet surveillance company in Delaware. Among the emails is a report outlining how Libya's oil infrastructure could be compromised by sophisticated computer viruses.

June 10: LulzSec leaks what it says is a database of email addresses and passwords belonging to users of an established pornography website. A handful appear to belong to U.S. Army personnel.

June 13: LulzSec attacks the U.S. Senate, although there doesn't appear to be much damage. A law enforcement official says that a public-facing server was accessed and that no other files were breached. The group also claims to have stolen information on more than 200,000 users from video game company Bethesda Softworks, which makes games such as "Brink" and "Fallout: New Vegas."

June 16: LulzSec claims responsibility for technical problems with the CIA's public website.

June 20: LulzSec claims to have hit another branch of InfraGard — this time in Connecticut — compromising several hundred more accounts. The group also claims responsibility for bringing down the public website of Britain's FBI equivalent, the Serious Organized Crime Agency.

June 21: A 19-year-old Brit is arrested on suspicion of cybercrime following a joint FBI-Scotland Yard investigation. He's later charged with attacking the Serious Organized Crime Agency. British police have hailed the arrest as a significant development, but LulzSec says his involvement with the group was only tangential. The teen has yet to enter a plea.

The Associated Press contributed to this story.


Discussion comments


Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments