LulzSec dumps what they claim is "final" release, with signoff statement: "50 Days of Lulz"

9bt51.jpg

paiaoaadn.jpgLulz Security, or LulzSec, just released a sort of "50 day retrospective" and farewell statement on Pastebin, along with a torrent that is listed as containing a new set of ill-gotten files. We haven't downloaded and analyzed yet, and the legalities of doing so may vary wherever you are-- so beware.

The screengrab above is the "navy.mil owned" graphic, and purports to be evidence of defacement of the US Navy website.

The file list:

50 Days of Lulz.txt 2.64 KiB
booty/AOL internal data.txt 63.6 KiB
booty/AT&T internal data.rar 314.59 MiB
booty/Battlefield Heroes Beta (550k users).csv 24.67 MiB
booty/FBI being silly.txt 3.82 KiB
booty/Hackforums.net (200k users).sql 111.2 MiB
booty/Nato-bookshop.org (12k users).csv 941.8 KiB
booty/Office networks of corporations.txt 3.87 KiB
booty/Private Investigator Emails.txt 2.52 KiB
booty/Random gaming forums (50k users).txt 6.08 MiB
booty/Silly routers.txt 67.7 KiB
booty/navy.mil owned.png 240.51 KiB
A copy from what appears to be their signoff statement follows (Pastebin isn't forever). Who knows whether it is what it appears to be, or just another prank. It mentions in closing that LulzSec is a "crew of six". Wonder what exactly led to the decision to shut down right now, if in fact that's what's really happening? Too much heat? Too many IRC leaks? That latest doc from "The Jester"? The UK arrest was too close to home? Hard to know from the outside, at this point.

Friends around the globe,

We are Lulz Security, and this is our final release, as today marks something meaningful to us. 50 days ago, we set sail with our humble ship on an uneasy and brutal ocean: the Internet. The hate machine, the love machine, the machine powered by many machines. We are all part of it, helping it grow, and helping it grow on us.

For the past 50 days we've been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could. All to selflessly entertain others - vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love. The raw, uninterrupted, chaotic thrill of entertainment and anarchy. It's what we all crave, even the seemingly lifeless politicians and emotionless, middle-aged self-titled failures. You are not failures. You have not blown away. You can get what you want and you are worth having it, believe in yourself.

While we are responsible for everything that The Lulz Boat is, we are not tied to this identity permanently. Behind this jolly visage of rainbows and top hats, we are people. People with a preference for music, a preference for food; we have varying taste in clothes and television, we are just like you. Even Hitler and Osama Bin Laden had these unique variations and style, and isn't that interesting to know? The mediocre painter turned supervillain liked cats more than we did.

Again, behind the mask, behind the insanity and mayhem, we truly believe in the AntiSec movement. We believe in it so strongly that we brought it back, much to the dismay of those looking for more anarchic lulz. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us. The support we've gathered for it in such a short space of time is truly overwhelming, and not to mention humbling. Please don't stop. Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.

So with those last thoughts, it's time to say bon voyage. Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind - we hope - inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere.

Thank you for sailing with us. The breeze is fresh and the sun is setting, so now we head for the horizon.

Let it flow...

Lulz Security - our crew of six wishes you a happy 2011, and a shout-out to all of our battlefleet members and supporters across the globe

68

  1. Weird, if in fact they really are shutting down operations. Wouldn’t be surprised if it’s just a joke. If it is in earnest, how likely is it that it’s due to jester posting that stuff about their CloudFlare configuration? You have to admit the timing of it makes it appear that way.

    1. NOOOOOOOOOOOOOOOOOOO!

      @ Teller
      I hope so. Even if they weren’t saints, they gave me hope that some of the “dirty laundry” kept secret would been dragged into light by them.

      Farewell, Lulzsec. I’ll miss you. And I’ll never give up hope to see you back again.

      YARRRR!

  2. Makes sense to keep it brief. They must surely know the risk they are taking with being so high profile. They have many of the worlds law enforcement agencies after them. Would only be a matter of time until they got caught. Best to burn the ships now while the burning is good.

  3. Jester is a joke. Anyone even remotely competent could have found the IP address of LulzSec’s server. CloudFlare isn’t meant to hide the IP. You can even e-mail their abuse team and ask for it.

  4. Leaving aside the right and wrong of what they have done, I can’t help but love the pure SF concept of a shadowy gang of hackers forming a plan, wreaking havoc and then disappearing, for reasons known only to themselves. I particularly love that they just came out of nowhere, and have twisted a massive number of legal, security and political people into knots.

    That said, we have heard of many celebrities retiring, then having comeback concerts over and over again.

  5. Jester is a joke. Anyone even remotely competent could have found the IP address of LulzSec’s server. CloudFlare isn’t meant to hide the IP. You can even e-mail their abuse team and ask for it.

    Sure, and it would just lead you to nobody. They aren’t stupid, they’ll be layered through Tor and similar services.

    This kind of security can’t be maintained for long – the government thugs will break into one datacentre after another and steal all the hardware (including that of anybody who was in a nearby rack) until they get to the end of the trail. Which is exactly why you don’t want to keep it up for long.

    1. My fantasy was that they would use that as a tactic to takedown somebody.
      Get some rack space right near a target, set it up as bait, and if the FBI seized the surrounding servers ineptly as before they’d be doing the takedown themselves.

    2. … until they get to the end of the trail. Which is exactly why you don’t want to keep it up for long.

      Hahaha…

      The end of the of trail can be a republican politician one doesn’t favor. One can pick up targeted wifi signals from afar with some very simple methods (and there’s much more powerful solutions than that, BTW), crack the WPA/WPA2 pre-shared key (or cut through WEP like butter) and have at it.

      And, if one is lucky, the overzealous FBI will blow up the house you’ve targeted and the republican will be burned to death.

  6. Seems like just last week when some folks were saying that arresting a few people would not help deter the crimes. Because it was.

  7. And now anybody in the scene with an ounce of credibility can make life suddenly difficult for up to six people.

  8. This might have been the best move they’ve done. Not because I don’t like them or think they’re better off gone. Quite the opposite!

    But by leaving, they obviously stop making tracks that entities like the FBI could sniff.
    And they immortalize the concept of the Lulzboat, to be sailed in the future by whatever group that thinks itself capable of keeping the “mythology” alive, keeping certain characteristics and ideals intact. This also keeps it extremely amorphous and vaporous. And I don’t care what amde them do it.

    One thing’s for sure: they’ve created a platform.

    I’m also surprised by how humble the farewell message sounds. Why couldn’t they be like that all the way? :P If only they knew that being like this would get more people on their side.

    1. And they immortalize the concept of the Lulzboat, to be sailed in the future by whatever group that thinks itself capable of keeping the “mythology” alive…

      So…they’re the Dread Pirate Roberts?

  9. Funny how everything about the whole affaire l’Ulz sec leads us back to things we already knew about human nature. I’ll give them this: it’s pretty good performance art, and it even has a moral, although probably not the one they meant.

  10. Oh God. My heart is broken. I can’t believe this.

    Today is a bittersweet day. Gentlelizards, I salute you.

    [single manly tear]

  11. Of course they are going dark. The FBI and Scotland Yard are hot on their heels and many of them will be sleeping rough for the next few months on friend’s couches and supporters spare rooms. The guys who wrote Stuxnet are not going to have that many problems finding these guys. And anyone who thinks a 19-year-old kid is going to adopt the mafia code of silence is kidding themselves…

    1. Of course they are going dark. The FBI and Scotland Yard are hot on their heels and many of them will be sleeping rough for the next few months on friend’s couches and supporters spare rooms. The guys who wrote Stuxnet are not going to have that many problems finding these guys.

      That’s assuming some of the folks who wrote Stuxnet aren’t a part of LulzSec, isn’t it?

      ^_^

  12. Incredible. They seem completely, totally unaware of how much damage they’ve done to literally MILLIONS of totally innocent people. “Ha ha, we stole your identity and put it on the internet for anyone to abuse, isn’t that funny? Let’s laugh at how funny that is LULZ LULZ LULZ.”

    They act like this was all some great big gift and now we’re having our cliched sad parting as they sail off into the sunset with a wink and a smile. They act like we have ANY reason to believe them.

    They aren’t being humble. They’re being massive egotists, pretending that their theft and vandalism is liberation and art.

    They act like it’s never crossed their mind just what would happen if people no longer trusted the internet with any personal information, down to a meager login and password. They don’t seem to realize just how critical that trust is to the global economy.

    Good riddance.

    1. They act like it’s never crossed their mind just what would happen if people no longer trusted the internet with any personal information, down to a meager login and password. They don’t seem to realize just how critical that trust is to the global economy.

      No…replace “their” and “they” with Entities on the Internet Who Don’t Bother With Good Security, and your statement will be correct.

      The point of LulzSec (besides the lulz) was to point out that from top to bottom, the internet is filled with companies and governments who violated user trust by not caring about security, and to publicly shame them. I’m not sure if the latter was accomplished, but the former certainly was.

      “No one loves the messenger who brings bad news.” — ‘Antigone’, Sophocles

      1. Oh yeah? They’re just the messenger? So the message is, “if you can’t personally set up the BEST security on the internet AND insist all of the companies you use have the same, you don’t deserve to use the internet and also everyone else can steal your credit card?” They just HAD to dump all that personal information to deliver their “message” of… of what, please tell me, what are we learning here. That corporations are imperfect? It’s not that they WANT to get hacked because trust me, they don’t.

        If a man steals my wallet, the problem isn’t that I wasn’t carrying a gun. It’s that that man stole my wallet. Well LulzSec can’t steal my wallet and pretend they’re just trying to teach me to arm myself, and they certainly can’t expect me to thank them for it. They also aren’t going to teach me not to carry a wallet, because I kind of need that wallet. I’m an adult and I have bills to pay. I’m not a trust-fund teenager living in the basement of daddy’s mansion, playing hacker because I don’t understand that actions have consequences, even when they’re “funny.”

        But don’t let that ruin the view from the soapbox. You might want to step down and check your recent credit card transactions at some point, if you, y’know, care about that kind of thing.

        1. I agree with the Lulz of a little chaos here and there, but I have to take umbrage with their hacking of the Navy site shown above. It’s the Navy’s job advertisement website, so what Lulz has done is screw with the possibility of people finding work. Lay off hacking jobs boards–I’m sure there are juicier candidates elsewhere who deserve to be messed with.

          1. Navy site shown above. It’s the Navy’s job advertisement website, so what Lulz has done is screw with the possibility of people finding work

            A large part of the military isn’t “work”. It’s welfare queens living off the backs of those of us who really are being productive members of our communities and society at large. They’re “working” to enable murderous, profit-taking ventures that benefit already obscenely rich corporatists who manipulate the populace into endless war (profits).

            You’re in the military? Get a real job, welfare queen. If you’re not a whistleblower, then you’re just a part of the wicked waste of our tax dollars. This is the information age, so ignorance is no excuse. Educate yourself or continue to fight for the enemy of the American people and the world. Our military has been corrupted at the top by corporatists that put Lockheed Martin profits over the American public.

            You want to REALLY save Americans? How about these 40,000 plus Americans that die EVERY YEAR because of the corporatists that spread LIES every day that keep Americans in the dark about single payer systems? You want to be a REAL HERO that SAVES LIVES? Then quit profiting off of misery, waste and LIES.

            Or just quit fooling yourself and admit what you are. A waste.

          2. +1 * ∞

            Lulz are good. As Rob pointed out, lulzsec are kindly providing evidence that many major corporations are doing sweet f/a to protect our information. Would you rather such a shocking reality reveal itself in a way that publicly shames the organisation involved and allows us to know there’s been a breach, or to not be revealed at all and just live in ignorant bliss while our info is in the hands of god-knows-who?

            Also, I notice that the original torrent link on TPB has been taken down and another one (which seems to be much smaller) has been upped instead? In any case Google Cache wins the day again because you can’t kill a torrent that people want to download:
            http://webcache.googleusercontent.com/search?q=cache:DgO_-HAW6noJ:thepiratebay.org/torrent/6495523/50_Days_of_Lulz+%2250+Days+of+Lulz%22&cd=1&hl=en&ct=clnk&gl=au&client=firefox-a&source=www.google.com.au

            Also there does seem to be one trojan in the package, but it allegedly comes from the AT&T internal data. Do you think this is just an oopsie by someone at AT&T, or is this a sneaky attempt at adding members to a botnet?
            http://img714.imageshack.us/img714/1232/atttrojan.jpg

          3. Also there does seem to be one trojan in the package, but it allegedly comes from the AT&T internal data. Do you think this is just an oopsie by someone at AT&T, or is this a sneaky attempt at adding members to a botnet?

            Hmm, that might very well be a false positive from AVG, I haven’t looked at it personally though.

            http://forums.malwarebytes.org/index.php?showtopic=6873

          4. Also there does seem to be one trojan in the package, but it allegedly comes from the AT&T internal data. Do you think this is just an oopsie by someone at AT&T, or is this a sneaky attempt at adding members to a botnet?

            Update:

            Ok, I see… it looks like it was real malware, but not intentionally put in there by LulzSec and a new torrent minus the malware has been added. As you suggested it was probably “just an oopsie by someone at AT&T”.

            http://news.softpedia.com/news/ThePirateBay-Deletes-LulzSec-s-Last-Torrent-over-Malware-208391.shtml

        2. If a man steals my wallet, the problem isn’t that I wasn’t carrying a gun. It’s that that man stole my wallet.

          Well, I suppose that depends upon your philosophical and political point-of-views about humanity and society. Maybe you aren’t carrying a gun, but if there isn’t some force keeping order in a society, things tend to go all Wild West and wallets tend to get stolen.

          What LulzSec was trying to point out is that people believe these companies have guns protecting our wallets. But they were revealing these guns to be toys.

          Is demanding that every site have hardened security reasonable? Probably not. But we need to think about how to resolve this issue. I think we need to move to a system where individuals are empowered to keep their credentials, instead of being stored in 50,000 database servers. Minimize the attack vectors and harden the shit out of the ones which remain.

    2. The gift, besides the epic lulz, is the knowledge that you SHOULDN’T trust the internet with personal information because the internet isn’t secure.
      There is no “good riddance” here because lulzsec was never the problem. The problem was that there was not enough preventing them from doing what they did. And there still isn’t, and future hackers might be working in secret for profit or power instead of relatively harmless lulz.
      I mean, yeah, shame on them, but that only works the first time.

    1. ” if people no longer trusted the internet with any personal information, down to a meager login and password.”

      Are you saying that you do? I think that you have cleverly missed the point. Wake up!

  13. Hit and run. Classic guerilla tactics.

    Good on ’em. Anyone who thinks they were the first to exploit these holes is kidding themselves.

  14. “We say of LulzSec that they have gone on a journey into that land where we walk without footprints.”

  15. Arrests are starting to be made of some of the Zombie-bots across the globe. It was only a matter of time for this “crew of six” to be caught and crucified. It’s good they jumped ship now.

    Peace and may the force be with you!

  16. Right on! Please let it be true that you’re disbanding now! Balls like solid brass suns!

    FARE THEE WELL!!!!!

    1. Oh dear, that was simply.. brutal. Despite myself I can’t help feeling bad for this sad little bunch. However, this does give me bit of hope for a real group to take over and do some real hacktivism.

    2. I think this has already been discredited. That said, if any of it is true we should know within days. You can always go to anonops IRC and ask them, yourselves.

      The funny theme I see in this thread is the disparaging references to them being teenagers. Why would you think that? Because only teenagers would hack?

      What I find interesting is that Sony sacked a group of security folk just before Sony got whacked. And you know, they weren’t teenagers.

  17. My sources tell me that several of them had their allowances drastically slashed, and had to resort to getting summer jobs at Orange Julius in the food court at the local mall. With their skilz, I’m sure they will be drawing larger than normal checks once the hack into the Orange Julius command center and monkey with the payroll system. I’m sure that they will be back before too long.

  18. I’m going to call this “getting out while they’re ahead.” Probably the most sane thing they’ve done so far.

  19. “…And today is the day you will always remember as the day you ALMOST caught Jack Sparrow!”

    1. I’m not sure that the heavy hitters you refer to are any more serious or mature than the LulzSec hackers. They are probably just similar young guys holed up in their bedrooms, not putting out the garbage despite their Moms telling hem to, like a million times. Without wanting to build these guys up, this might be the gunfighters curse. You make a name for yourself and other gunfighters want to take you on to inherit your standing. I’m not saying that these guys are romantic anti-heroes (neither were the real old West gunfighters). This seems like a battle between immature egos rather than Clint Eastwood slapping down the young guns.

  20. Are we reaching the diminishing returns phase of 2011 hacking?
    Wikileaks combined with one angry guy in Tunisia self immolating acted as a dynamite cap in a pile of explosives and tore down several reasonably stable middle eastern governments.
    What type of release now would activate an angry population with enough distress to feel radical action is appropriate because they already have nothing to loose. Will Greece or somewhere else in the west reach this point anytime soon?
    I am very cynical anymore and between world politics and the financial markets have trouble determining which infotainment is ‘wag the dog’ and what is real or unintended consequence and what is just manipulation.

  21. I’ll only be impressed with any group of hacktivists once I see the news that they’ve bankrupted the owners of Goldman Sachs.

  22. From the beginning, I thought they were low hanging fruit going after low hanging fruit. C’mon: unsecured sql db’s? That’s so 1999. Websites running that stuff were small explosions waiting to happen. Lulzsec were the Sarah Palins of hacking. Good riddance is too strong of a statement, because they were irrelevant in the first place.

  23. Lulzsec getting hacked doesn’t make them silly, it underscores their exact message. Nothing is secure. Everything is visible to someone.

    It might even be the punchline.

  24. i did learn something for this. i learned that even though i’ve been in 3 databreaches so far and not a single account has been compromised. Isn’t that fascinating

  25. The excuse that they expose bad practices sounds superficial at first blush, but it really is the point as far as everyday people’s personal security is concerned. If Lulzsec released your information, it means that the same information was already quietly available to any criminals with the same skills and tools Lulzsec has.

  26. Lulzsec have annoyed real hackers with their antics. I am pretty sure it is not law enforcement that has scared them into disbanding.

  27. Lulzec used simple, non-sophisticated techniques to penetrate reputable sites, then released user info from them. The lesson we should take from this isn’t that they were elite masterminds- it’s that the we are allocating disproportionate trust to sites on the internet.

    Hopefully corporations and governments will either learn to be more secure from this, or treat those sites as insecure. Either way works.

    Hopefully INDIVIDUALS like you and I will learn to use separate passwords for separate sites (which will probably require a tool like onepass or password safe).

    If the world were a really nice place, we wouldn’t need to take these measures. We wouldn’t need passwords at all. But it’s not, and it wasn’t before lulzec showed up. The fact of the matter was that lulzec just did what people had been doing for years- they were just nice enough to tweet about it and make our lax standards publicly uncomfortable.

Comments are closed.