It's been quite a ride, but after several months of taunting the FBI, mocking the arrest of an alleged LulzSec member, and releasing some documents from the Arizona Department of Public Safety, LulzSec announced via a post on Pastebin that they were calling it quits.
Opinions about LulzSec have been all over the map, with some thinking that the LulzSec brand of hacktivism should be welcomed, as it exposes how lousy IT security really is. LulzSec's own marketing efforts seem to bear that out, with their trademark retro ASCII character art shouting out slogans like "Laughing at your security since 2011!" and "Set sail for fail!".
If companies and government agencies -- like security vendor RSA, defense mega-contractor McDonnell Douglas, and an endless list of poorly defended government agencies -- can get phished and hacked, what does that mean for companies and individuals that don't have that same level of resources? I've written about how too many end users are woefully unprepared to defend themselves from cybercriminals. Does anyone really know how many Facebook IDs and passwords are being hacked over WiFi using the Firesheep Firefox plugin at Starbucks locations at this very moment? I think I can hear the collective shudder at the thought of that.
At the other end of the spectrum are those that think LulzSec are online criminals of the first order, and should be pursued and prosecuted. Hacking FBI partners and the homepage for SOCA (England's equivalent to the FBI) were gutsy (or foolish) moves, and were the online equivalent of waving a red flag at a snorting bull. Some are arguing that LulzSec's decision to end their online reign of chaos and mayhem is due to finally feeling some heat from law enforcement. One can hope that the likes of the CIA, NSA, and FBI have the cybersleuthing chops to track down a small band of hackers, especially considering that these same agencies are tasking with tracking down professional online criminals and ferreting out the digital fingerprints of terrorists and bad actors whose pernicious goals make the online antics of LulzSec seem tame and juvenile by comparison.
So LulzSec is pulling up anchor and sailing into the sunset, claiming that their days of hacking, pastebinning, Tweeting and online shaming have drawn to a close. Time will tell if we truly have seen the end of LulzSec, but it definitely was a memorable voyage.
What are your thoughts on the activities of LulzSec? Are they wayward hackers out for a joyride, independent hacktivists looking to poke their fingers in the eye of authorities, or are they cybercriminals who should be aggressively pursued by law enforcement? Feel free to add a comment to this blog post or start up a discussion on Twitter.
Follow Jeff James on Twitter at @jeffjames3
Follow Windows IT Pro on Twitter at @windowsitpro