Published June 16, 2011
They might have just brought down the CIA's website, but the latest group of hackers on the scene are nothing more than "schoolboys."
That's the challenge thrown down by the head of technology at Sophos, Paul Ducklin, who claims the anonymous collective Lulz Security have to "grow some moral spine" if they want to be taken seriously.
In the past two weeks, Lulz have launched cyber attacks on Sony, Nintendo, gamers at Eve Online, a company that works for the FBI and the U.S. Senate. They claim their motive to be nothing other than showcasing companies' online weaknesses "for the Lulz."
Yesterday, they opened up a hotline and called on the public to suggest their next target.
The hotline number spelled out "LULZSEC" and had an area code in Ohio.
A recorded greeting featured a man speaking with an exaggerated French accent explaining that "Pierre Dubois and Francois Deluxe" were unavailable because they were up to mischief on the Internet.
Panda computer security firm labs technical director Luis Corrons said setting up a telephone hotline was "kind of eccentric" given that the hackers could have easily set up an online forum asking for targets.
"These guys are upsetting a lot of people," Corrons said. "They think they will never be caught, and that could be their biggest mistake."
Lulz certainly pushed their luck Wednesday, when they claimed credit for the shutdown of cia.gov.
"Tango down - cia.gov," they tweeted at @LulzSec.
"For the lulz."
Which sounds impressive, but over at Sophos, Ducklin said what Lulz was doing was "about as intellectually interesting and important as a bunch of schoolboys boasting in the playground about who's got the hottest imaginary girlfriend."
He said most of the break-ins had been "languorously orchestrated, using nothing more sophisticated than entry-level automatic web database bug-finding tools, available for free online."
He admitted Lulz's behavior was a "timely wake-up call," but insisted that didn't justify LulzSec's behavior.
"Time spent throwing bricks through other people's digital windows doesn't actually teach anyone anything about glassmaking, glazing or civil engineering," Ducklin said. "If you consider yourself a hacker and you have time to spare, grow some moral spine and use your skills for active benefit."
"Follow the lead of a guy like Johnny Long and hackersforcharity.org," he added. "I dare you to look at his site and decide that LulzSec is a more worthwhile cause."