Over the past month or so, Lulz Security has become a household name on the Internet. The hactivist group has become synonymous with mischief, pranks, and all-purpose flouting of online decorum. It has leaked people's personal information just for fun, taken down government Web sites just to show it can, and gone after myriad small gaming sites by popular request, all the while with its virtual thumb planted on its proverbial nose.
As the group's impact grows, it has lead to waves of chaos that reverberate far beyond its own sphere of direct influence. A perfect example would be yesterday's shutdown of the Curbed Network, which LulzSec did not touch, after it and other sites found themselves the victims of a ham-fisted Federal Bureau of Investigation raid that confiscated a whole server farm it suspected housed a piece of LulzSec-related hardware. Today, a new bit of malice capitalized on yesterday's arrest of a Briton suspected of operating a botnet on the group's behalf: A fake Facebook post announcing the arrest of the "creator of LulzSec" reportedly infects computers with spam tool bars when it's clicked. Then there is the direct effect of LulzSec's data leaks: Since it released 62,000 email / password combinations last Thursday and plenty more Sony logins on June 2, reports have been rolling in on the pranks and mayhem random people have committed against the users whose logins were exposed. (Facebook trolling, ordering sex toys, and messing with dating profiles are just the beginning.)
But LulzSec has gone on the record saying its hijinks are essentially meant for good, not evil. It has said its pranks, while disruptive, are meant to illustrate the ease with which truly malicious hackers may access data that unaware Netizens think is private. "This is what you should be fearful of, not us releasing things publicly, but the fact that someone hasn't released something publicly," it said in its manifesto last week. The group has also aligned itself with Wikileaks, promising anonymity and support for those who help it in its mission of benevolent mayhem, which it calls Operation Anti-Security (AntiSec). But it's entirely possible that, through its campaign of chaos, the group is doing far more harm than good, starting with those whose emails were leaked as collateral damage. Here's what the group had to say about that in its manifesto:
Yes, yes, there's always the argument that releasing everything in full is just as evil, what with accounts being stolen and abused, but welcome to 2011. This is the lulz lizard era, where we do things just because we find it entertaining. Watching someone's Facebook picture turn into a penis and seeing their sister's shocked response is priceless. Receiving angry emails from the man you just sent 10 dildos to because he can't secure his Amazon password is priceless. You find it funny to watch havoc unfold, and we find it funny to cause it. We release personal data so that equally evil people can entertain us with what they do with it.
Obviously, LulzSec isn't looking to defend its good name. It seems to occupy a large gray space somewhere between good and evil, where injuries to a few are funny and awareness for many is gold. But as the group prepares to issue another large data release as part of its AntiSec operation, it appears that LulzSec wants it both ways. It would like to be a force for chaos, but ultimately for good. But once it releases the data it collects, it has no say over what people do with it. In the end, LulzSec could easily go from the band of funny freedom fighters it would like to be seen as, to simply a platform for jerks.