A hacker known as “The Jester” claims to have revealed the identity of a LulzSec member who may be the group’s leader. Thirty-year-old Xavier Kaotico, also known as Xavier de Leon or “sabu,” has been outed as the hacker prankster group’s leader, though his role and involvement with LulzSec has not been confirmed. The man allegedly lives or has recently lived in New York City, and is an independant IT consultant specializing in Python programming, Linux development, network security and exploit development. LulzSec, a small group of hackers that has become the focus of the international technology media over the past few weeks, has claimed responsibility for carrying out a number of malicious breaches. Recent LulzSec targets include websites belonging to Sony, Citigroup, the CIA and the U.S. Senate. After a public spat between the two high-profile hacker groups, LulzSec united with “Anonymous Operations” to wage a cyber war against the U.S. government, stating, “Sitting pretty on cargo bays full of corrupt booty, they think it’s acceptable to condition and enslave all vessels in sight. Our Lulz Lizard battle fleet is now declaring immediate and unremitting war on the freedom-snatching moderators of 2011.” LulzSec has not directly addressed the allegation that Kaotico is its leader, though it has posted messages to its Twitter account mocking The Jester, who calls himself a “Hacktivist for good. Obstructing the lines of communication for terrorists, sympathizers, fixers, facilitators, and other general bad guys.” More →
LulzSec isn’t making any friends in the U.S. government or within any of the numerous companies that own the websites it has hacked, and apparently the group has managed to rub a few other hackers the wrong way as well. A website said to belong to a Dutch member of the hacker group LulzSec has reportedly been hacked by another group known as “TeaMp0isoN.” The site has since been taken down, but not before a 17-year-old TeaMp0isoN member was able to infiltrate it and post a statement. “Stop telling yourself that u are hackers, putting a ip into a irc is NOT hacking nor is using pre-made tools and scripts to grab databases,” the statement read. “You do not represent the anti-sec movement, u are not allowed to greet underground groups like zf0, ab, h0n0, el8 like your member ‘AnonSabu’ was doing, you will never be apart of the underground scene, if anyone thinks you are underground and can actually hack they have no idea about what happens in the underground scene.” The hacker went on to state that he plans to expose pictures, addresses, passwords, IP addresses and phone numbers belonging to members of LulzSec. TeaMp0isoN’s full statement follows below.
UPDATE: The Dutch owner of the aforementioned hacked website, Sven Swootleg, denies any involvement with LulzSec. His full statement now be found below, beneath TeaMp0isoN’s statement. More →
There are numerous reports claiming that the leader of the now infamous hacking group LulzSec has been arrested in the United Kingdom. According to London’s Metropolitan Police, the shadowy leader was a 19-year old responsible for hacking “a number of international businesses and intelligence agencies.” The group took responsibility for Sony’s recent massive security breach and has also targeted a number of high-visibility websites, including that of the Central Intelligence Agency, and has waged war on the U.S. government with another group dubbed Anonymous. Despite the reports, however, LulzSec has denied that any of its members have been arrested. Early Tuesday morning the group tweeted: “Seems the glorious leader of LulzSec got arrested, it’s all over now… wait… we’re all still here! Which poor b****** did they take down?” More →
Call it a meeting of minds or call it an unholy matrimony — in either event, the recent rash of high-profile breaches is about to get an adrenaline shot. Hacktivist group Anonymous and a crew of emerging merry hackers known as are joining forces to target the dissemination of government secrets and the defacement of other websites such as those belonging to banks. “As we’re aware, the government and whitehat security terrorists across the world continue to dominate and control our Internet ocean,” LulzSec said in a statement on Monday. “Sitting pretty on cargo bays full of corrupt booty, they think it’s acceptable to condition and enslave all vessels in sight. Our Lulz Lizard battle fleet is now declaring immediate and unremitting war on the freedom-snatching moderators of 2011.” Operation Anti-Security — or AntiSec, as the group has dubbed the mission on Twitter — encourages fellow hackers to “open fire on any government or agency that crosses their path.” Hit the break for Lulz Security’s full statement. More →
Remember Citigroup’s recent security breach? The firm originally said that 200,000 accounts — 1% of its customers — were compromised, but now Citi is going on record and saying that hackers gained access to a total of “360,083 North America Citi-branded credit cards.” Unfortunately, the company hasn’t provided any details on how the attack occurred, or who was behind it; the infamous hacking group LulzSec, which claimed responsibility for a number of recent high-profile targets including Sony, hasn’t yet mentioned any involvement. If you’re an optimist, the good news is that Citigroup says the number of active accounts affected is actually below the 360,000 figure — because of subsequent account closures — and that the hackers didn’t steal info enough to actually use the credit card numbers. 217,000 customers have already been provided with replacement cards, and California residents were hit the hardest — 80,000 of the numbers stolen were from that state. More →
Sony has released more information regarding a recent breach suffered by one of the many Sony properties that have been targeted by hackers over the past few months. The company said on Wednesday that personal information belonging to 37,500 users has been compromised as a result of a cyberattack on the Sony Pictures website last week. Hackers from a small group known as Lulz Security claimed to have accessed over one million accounts during their breach of the Sony Pictures site, but they were only able to download a small sample of those records due to their limited resources. Sony states that no credit card numbers were stored on the website’s servers, but information including names, genders, addresses, email addresses, phone numbers, birth dates, user account names and passwords was taken during the breach.
UPDATE: Sony Pictures’ letter to customers affected by the breach can now be seen after the break. More →
A small group of hackers calling themselves LulzSec on Thursday claimed to have breached a Sony website and gained access to personal information belonging to over 1 million Sony customers. The group posted a statement claiming it did not have the resources to download the massive database tied to SonyPictures.com, but it provided samples of the data accessed in order to prove the breach was real. The Associated Press contacted several of the purported victims using phone numbers posted by LulzSec, and it was able to confirm with multiple victims that the data, which included account passwords, was authentic and accurate. Sony has not yet confirmed the breach, though a company spokesperson did say Sony is currently investigating the claims. This new breach is the latest in a string of hacks on various Sony networks that have compromised personal data belonging to over 100 million Sony customers. More →
Hackers from a group called LulzSec announced on Thursday that they had breached sonypictures.com, the website belonging to Sony-owned studio Sony Pictures. The group claims to have compromised personal information belonging to over 1 million users, including user names, passwords, home addresses, dates of birth and other sensitive data. The group also claims to have accessed 75,000 “music codes” and 3.5 million “music coupons.” LulzSec says it employed a simple SQL injection technique to access the data, and that Sony Pictures’ site was not secure and was therefore easy to breach. The hackers did not have the resources to download all of the exposed data, but they say they did obtain samples in order to prove the authenticity of the attack. LulzSec’s statement on the breach is after the break. More →