By Samuel Elliott Novacich, Contributing Reporter
RIO DE JANEIRO, BRAZIL – At midnight on June 26th, Lulz Security, the international hacker group responsible for cyber attacks against corporations and governments worldwide, announced that after “50 days of Lulz,” the group was finished. Lulz Security’s “Brazil unit” in the past week claimed responsibility for hacking into about a dozen government websites, publishing private passwords, and altering existing website material.
In a surprise press release, the group stated that “For the past fifty days we’ve been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could…it’s time to say bon voyage.”
Lulz Security was responsible for infiltrating, altering, and leaking information from numerous Brazilian government websites, including the Superior Tribunal de Justiça (STJ, Supreme Court), mayors’ offices of Rio de Janeiro and Belém, Portal Brazil, the Ministry of Defense, Ministry of Health, and Ministry of Culture, the Administration Department of Mato Grosso, Universidade de Brasília (UnB), and Petrobras.
The group claims to have infiltrated Petrobras’ internal network, releasing passwords and employee information. The company denies the claim however, stating in their own press release “Petrobras ensures that its network has not been invaded and that there was no change in content or data breach.”
Yet on Friday June 24th, Lulz Security published on its website what it claimed to be data leaked from the oil company, and on Saturday June 25th published what it claimed to be the address, login, and password to one of Petrobras’ main servers. Former employees of the company have confirmed legitimacy of the information, though report that confidential or high profile material was not included in the data dump.
Lulz Security first appeared in May of 2011, after an attack against Fox.com in which the group leaked several corporate passwords, LinkedIn profiles, and 73,000 names of the television show “X Factor” contestants. The group immediately claimed responsibility for the security breach, calling the action a retaliation against Fox News Channel for calling Common, a popular rapper, “vile”.
Lulz Security went on to attack the website of the Public Broadcasting System (PBS), publishing a fake story on the PBS website claiming that Tupac Shakur (deceased popular rapper) was alive and living in New Zealand. They later stated that the attack was motivated by its desire to defend Wikileaks.
Over the last fifty days, the group has remained active, gaining attention and notoriety through attacks against the websites of prestigious targets including the United States Senate, FBI, and CIA, shutting down the latter’s website with a Denial of Service attack for over two hours. Lulz Security captured the attention of many as a result of their playful communications.
After infiltrating the senate.gov website and releasing the log-in and passwords of a number of users, the organization poked fun at government agencies by writing, “This is a small, just-for-kicks release of some internal data from senate.gov — is this an act of war, gentlemen? Problem?” referencing recent remarks by the Pentagon that certain cyber attacks should be considered acts of war.
In a last bid at satire, Lulz Security posted some final words and a press reminder on their Twitter account, tweeting, “Oh, oh, finally! Media, please be sure to report on the actual files we leaked, not just our silly press statement. Much love. <3 Ciao. <3”