Who's behind all these hacks, anyway?


Every day there's another report of a computer hack. Yesterday it was a video game company and a U.S. Senate database. And today it could be the Federal Reserve. There's no doubt that there's a wave of attacks going on right now, against different targets and with seemingly different motives.

The questions on everyone's mind are who is behind these computer attacks and why are they doing it. This FAQ will help answer those questions in at least some of the cases.

Who is Anonymous?
Anonymous is the best known of the groups that are currently active and publicly taking credit for, even publicizing in advance, attacks on Web sites. It's a decentralized group that specializes in organizing distributed denial-of-service (DDoS) attacks designed to shut down sites, particularly in support of freedom of speech. Past targets have included the Church of Scientology, BMI, the governments of Egypt and Iran, and companies owned by conservative activist billionaires Charles and David Koch. They also conducted a massive compromise of the security firm HBGary Federal, which had reportedly been working with the FBI to identify the leaders of Anonymous.

They launched a series of effective DDoS attacks against PayPal, Visa, and MasterCard late last year after the companies stopped enabling WikiLeaks to receive contributions through those means. Sources told CNET that the group has undergone a loss of membership and radical shift in direction and organizational participation since the arrest of a 16-year-old alleged member in the Netherlands late last year, the arrest of five people (ages 15-26) in the U.K. in January, and the issuing of more than 40 arrest warrants in the U.S. Member identities were reportedly leaked on the Internet as well. The group's strong anti-establishment and political messages have led some to call them hacktivists, which refers to activists who hack. It's unclear how many people participated in their campaigns, which they call "operations," because their system is designed to allow for confidential participation.

Who have they targeted recently and why?
Anonymous pretty much started the recent spate of hackings against Sony, hitting several Sony sites with a DDoS in early April in retaliation for Sony taking several PlayStation 3 hackers to court. PS3 "modder" George Hotz and Sony eventually settled out of court. But attacks on Sony continued, with a major breach at the PlayStation Network that exposed 77 million customer records and at Sony Online Entertainment where more than 24 million records were exposed. Sony has suggested connections between Anonymous and the breaches. While Anonymous was admittedly behind the initial DDoS, it says it wasn't behind the PSN and Sony Online Entertainment breaches, and hasn't claimed credit for any other Sony attacks. Last week, Spanish police arrested three people accused of taking part in Anonymous activities and Anonymous members retaliated by hitting the Spanish National Police Web site. This week, Turkish police arrested 32 people, including eight who were teens, within days of the group launching a campaign to shut down a Turkish government site in response to new Internet filtering laws. Yesterday, Anonymous was planning an attack on the site of the Federal Reserve for today.

Who is LulzSec?
LulzSec first popped up in early May seemingly out of nowhere. But sources told CNET that the group is a spinoff from Anonymous ranks, but with no pretense of having a political message or moral principle. Indeed, the group's name, LulzSec--a derivative of LOL (laugh out loud) combined with security--is a strong indication that the group's motivation is to just hack for kicks and entertainment. The group makes a lot of jokes and taunts on Twitter and today said it would take hacking target requests. "Pick a target and we'll obliterate it. Nobody wants to mess with The Lulz Cannon - take aim for us, twitter."

Who have they targeted?
LulzSec began publicizing its hacking in May with the compromise of the Web site of the Fox TV show "X Factor" and exposed personal information of contestants, followed by release of internal Fox data. The group also has taken credit for hacks of Sony Music Japan, Sony Pictures, Sony BMG Belgium and Netherlands, Sony Computer Entertainment Developer Network (allegedly stealing source code) and Sony BMG, according to this timeline.

LulzSec hacked the site of PBS.org late last month, leaked passwords, and pasted a spoof news article on the site claiming that deceased rappers Tupac Shakur and Biggie Smalls were alive and residing in New Zealand. The group claimed they were punishing PBS for a Frontline program on WikiLeaks that they claimed was biased against the whistleblower site. LulzSec also has targeted Nintendo and the Web site of FBI partner Infragard in an attempt to embarrass the agency. LulzSec said it took the action against Infragard because of a plan by the Obama administration to classify cyberattacks as acts of war. Among the passwords on the Infragard site was one used by the CEO of botnet tracking firm Unveillance. The CEO told CNET that the hackers used the password to read his e-mails and listen in on conference calls and that they threatened to extort money and botnet data from him. Botnets composed of compromised computers are typically used to send spam and to launch DDoS attacks.

LulzSec recently went public with data stolen from a U.S. Senate Web site and released data stolen from the site of Bethesda Softworks, a subsidiary of gaming company ZeniMax Media. The group also recently compromised a site at the U.K. National Health Services. LulzSec did not release the information publicly, but sent an e-mail to the agency warning them about the problem and then released a redacted version of the e-mail to the public.

Who is Idahc?
Another hacker who has taken credit for attacking Sony is known as Idahc. He has identified himself as a 18-year-old Lebanese computer science student. In an interview this week with Andy Greenberg at Forbes, Idahc said he began hacking for "justice," then it became a game and now he's trying to prompt organizations to improve the security of their Web sites. "I don't hack for 'lulz' but for moral reasons," he said in the interview, adding that he considers groups like LulzSec to be "black hat," or criminal, hackers, and that he is a "gray hat" hacker.