Lulz Security, commonly abbreviated as LulzSec, was a computer hacker group that claimed responsibility for several high profile attacks, including the compromise of user accounts from Sony Pictures in 2011. The group has been described as a ‘cyber terrorism group’ by the Arizona Department of Public Safety after their systems were compromised and information leaked.

It has gained attention due to its high profile targets and the sarcastic messages it has posted in the aftermath of its attacks. LulzSec released a statement claiming to to disband on June 26, 2011.  The ’50 days of lulz’ statement, which they claimed to be their final release, confirming that LulzSec consisted of six members, and that their website is to be taken down.

LulzSec draws its name from the neologism ‘Lulz,’ (from LOLs) which often signifies laughter at the victim of a prank, and ‘Sec,’ short for ‘Security.’ The Wall Street Journal has characterized its attacks as closer to Internet pranks rather than serious cyber-warfare. It has gained attention in part due to its brazen claims of responsibility and lighthearted taunting of corporations that have been hacked. It frequently refers to 4chan memes when defacing websites.

The group first emerged in May 2011, and has successfully attacked the websites of several major corporations. It specializes in finding websites with poor security, and then stealing and posting information from them online. It has used well-known straightforward methods, such as SQL injection, to attack its target websites. Several media sources have described their tactics as ‘grey hat’ hacking.

The group has used the motto ‘Laughing at your security since 2011!’ and its website plays the theme from The Love Boat. It announces its exploits via Twitter and its own website, often accompanied with lighthearted ASCII art of boats. Its website also includes a Bitcoin donation to help fund its activities. LulzSec claims to be interested in mocking and embarrassing companies by exposing security flaws rather than stealing data for criminal purposes.’ The group has also been critical of white hat hackers, claiming that many of them have been corrupted by their employers.

Some in the security community have lauded them for raising awareness of the widespread lack of effective security against hackers.

The group’s first recorded attack was against’s website. It claimed responsibility for leaking information, including passwords, altering several employees’ LinkedIn profiles, and leaking a database of X Factor contestants containing contact information of 73,000 contestants.[15][16] They claimed to do so because the rapper Common had been referred to as ‘vile’ on air.

LulzSec does not appear to hack for financial profit. The group’s claimed main motivation is to have fun by causing mayhem. They do things ‘for the lulz’ and focus on the possible comedic and entertainment value of attacking targets. The group occasionally has claimed a political message. When they hacked PBS, they stated they did so in retaliation for what they perceived as unfair treatment of Wikileaks in a Frontline documentary.

‘Operation Anti-Security’ contained justification for attacks on government targets, citing supposed government efforts to ‘dominate and control our Internet ocean’ and accusing them of corruption and breaching privacy.

LulzSec has denied responsibility for misuse of any of the data they breach and release. Instead, they place the blame on users who reuse passwords on multiple websites and on companies with inadequate security in place.

In June 2011, the group released a manifesto outlining why they perform hacks and website takedowns. In it they reiterated that ‘we do things just because we find it entertaining’ and that watching the results can be ‘priceless.’ However, they also claim to be drawing attention to computer security flaws and holes. They contend that other hackers sell user information without releasing the names publicly or telling people they may possibly have been hacked. LulzSec said that by releasing lists of hacked usernames or informing the public of vulnerable websites, it gives users the opportunity to change names and passwords elsewhere that might otherwise have been exploited.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.