LulzSec posts a "manifesto"

@LulzSec commemorates their own thousandth tweet by posting a manifesto of sorts. The message, such as it is, seems to be less "we're in it for the lulz" and more "we are doing this to draw attention to the poor state of internet security." But have fun making sense of it.



  1. I don’t know, I thought it made perfect sense. They’re being up front (supposedly) about what they are doing, while acknowledging the duality of their “cause”.

    I get the impression that these cats are very smart, really know what the hell they’re doing, and are sick of all the bs they see around them. They almost certainly work in the industry and thought, “well, we’ve tried to wake people up every way possible to their security issues. What else is left? The Robin Hood method, but with a dignified Robin Williams personality? I’m listening…”

    And hence, LulzSec was born.

  2. i hope the internet comes down hard on them. it’s one thing to “point out security flaws”, but it’s quite another to jack up regular people’s lives for lulz and then say “aww, don’t be a hater!” and try to hide behind a banner of morality.

    1. franko —

      1. the LulzSec guys want to improve internet security. And have fun.

      2. Corporations have been ignoring security experts for years.

      3. They publicly embarrass these corporations by exposing user data. Corporations take notice and implement security changes. And fun is had. At least for LulzSec, and unaffected bystanders. The greater good, and all that.

      Would FB, Twitter, and others have switched over to SSL-by-default if Firesheep had not been released? Doubtful.

      1. Okay, and what about the people whose Facebook pages were vandalised, whose paypal accounts were emptied, who had some anonymous geek sending out malicious emails from their email account to friends and family. Were they having “fun”?

        They’re hurting ordinary people, who they describe with contempt as “peons” because those ordinary people didn’t update their passwords regularly enough.

        They’re not good guys. To say the least.

  3. franko,

    Yes, it’s playing complete moral equivalency and relative harm, but a simple logical chart would lead one to the conclusion that:
    1. hackerz exist and are haxoring right now
    2. among hackerz, there are those who announce their works and those who stay silent
    3. among both groups, there are those who Do Evil with stolen data and those who Don’t Do Evil
    4. LulzSec says they are in that fourth (rare) quadrant: they both announce what they do and they Don’t Do Evil.

    We can take that at face value, or we can doubt it, because there is an overriding POSIT: people only pay attention to security when they know about it. LulzSec says they are doing this to get people to act, and for the lulz. In the end, the response is the same: companies need to dramatically increase their security. If anything, the public nature eliminates the option for a compromised company: they cannot enact a cover-up (even if they know they were breached but the public doesn’t).

  4. The Unibomber published a manifesto and it got him arrested. Keep your heads down people. Don’t try to take the credit.

  5. This whole, “just pointing out security flaws” thing, seems a bit like punching someone in the face to point out flaws in their personal security. And then as they lie on the ground bleeding you say, “You’re lucky it wasn’t someone else who would have punched you even harder!”

  6. Do try to keep up BoingBoing. LulzSec is finished. Pretty much when they tried to flip th3j35t3r the finger (a couple of days ago) they pressed the self distruct button. Script kiddies drunk on Zeus source code power, these idiots are totally going to jail. Enjoy being butt-r*ped for about 30+ years – for the LULZ! (or whatever)

    Kids… no respect.

  7. Ya know, there are a LOT of wood-shingled roofs around town. I think I’ll go set them all on fire so that people will be aware of the fire danger they represent.

    I’ll be a hero.

Comments are closed.