Skip the navigation

When LulzSec attacks: A survivor's story

By Robert Lemos
June 10, 2011 02:51 PM ET

What about their claims that they had discussions with your company over the sale of information?On the morning on May 26th, when I could make some calls, I called US-CERT and the FBI. I didn't know it was (LulzSec) at the time, but the FBI probably had a better idea about that then I did. I asked the FBI if they had any suggestions. And their advice was basically, look it's like any other ransom situation, you have to keep playing along so you don't get killed. So that's what I was doing: I was trying to keep the piece and not be belligerent. I was not going to threaten them aimlessly. So the email exchange went to chat and that's when they started going down the path of extorting me. The first went down the path of extorting me. And I told them, I don't think you've done your research on my firm -- I'm a start-up and I don't have any money. I've self-funded this. So, they said we will settle for your bots, your botnet information.

And when that didn't happen, they started to get really belligerent. I don't know if I'm dealing with one silly hacker kid or a group. Then later that evening, they still tried to come back to negotiate. I had told them at one point, if you guys have skills then maybe do something good, maybe you can help. So they asked me exactly what I meant by that. They never really committed to anything, and I didn't either.

Do you think you were a random target?They claim that the hack on the Atlanta Infragard was first, where they were able to SQL inject it and get the usernames and passwords. I find it very curious that they singled me out, out of every one at Infragard. it is very odd. To this day, I'm still not sure what their motivation was to go after me. I'm a very small company and I'm very under the radar. We speculate that we may have taken bots from them in our efforts to sinkhole, but that is entirely speculation.

Are LulzSec and Anonymous similar threats?Anonymous thinks that they have a motivation, from what they claim. LulzSec is like an unwieldy merc squad. Of course, some information indicates that these guys are the same group. But, the group is juvenile. Really juvenile. When I put a release out, they came back with name calling. There was a protest element with Anonymous. This was just flat-out extortion. And greediness and silliness and anarchy. It is not a cause, it is really young kids playing around that have skills that are unfortunately misdirected.

Originally published on Click here to read the original story.
This story is reprinted from CSO, an online resource for information executives. Story Copyright CXO Media Inc., 2006. All rights reserved.
Our Commenting Policies