Anti-security

LulzSec – Just a “pain in the bum”

Remember the excitement around LulzSec, an Anonymous splinter group who orchestrated a 50-day hacking orgy in the spring of 2011? They hit Sony, hacked the US Senate’s web server, leaked an “X Factor” database, and defaced The Sun and Times websites. These exploits and so, so many more dominated TV channels, news outlets, and social media. We were—ok, I at least was—hooked, wondering what breach, leak, or prank they would cook up next.

Interesting and exhilarating times?

Well, the Federal Bureau of Investigation (FBI) and the British Metropolitan police would probably beg to differ.

This leaked recording from February 2012 serves as microcosm of the cat and mouse game that exists between law enforcement and some hackers. It shows the boldness that underpinned LulzSec’s incriminating, but still shenanigan-like actions.

In this five-minute-long phone call, we hear four detectives addressing the cases against two UK-based LulzSec members, Ryan Cleary and Jake Davis. At the time, both had been charged for hacking websites (and both were ultimately sentenced). Along with discussing operational matters and the “wannabe” hacker that leaked details of 32,000 users of the online game platform Steam, the British and American officers chit chatted about cheese, McDonalds, and the “boringness” of the English city of Sheffield with its “huge shopping centre”, “big roundabout” and infamous “nightclub.” Bearing in mind that this conference call was involuntarily published, it’s understandable that one agent considers hackers as a “pain in the bum”.

Perhaps the call’s greatest moment of irony came when the FBI representative mused: “I am not sure if we are the only two on right now or not”.

So how did the LulzSec hackers manage to eavesdrop? Well, they had breached law enforcement email accounts containing a memo that included both the required phone number and conference call access code. The call was also not conducted on a secure line.

With the release of the audio stream, LulzSec really lived up to their motto of “laughing at your security since 2011”. The recording is consequently an important historical artefact of the Anonymous/LulzSec era. And it is a good reminder: don’t send telecom invites that include both the dial in numbers and the participant PINs, especially if the call is about hackers!

Back to Anti-security