Lulz Security, commonly abbreviated as LulzSec, was a black hat computer hacking group that claimed responsibility for several high profile attacks, including the compromise of user accounts from Sony Pictures in 2011. The group also claimed responsibility for taking the CIA website offline. Some security professionals have commented that LulzSec has drawn attention to insecure systems and the dangers of password reuse. It has gained attention due to its high profile targets and the sarcastic messages it has posted in the aftermath of its attacks. One of the founders of LulzSec was computer security specialist Hector Monsegur, who used the online moniker Sabu. He later helped law enforcement track down other members of the organization as part of a plea deal. At least four associates of LulzSec were arrested in March 2012 as part of this investigation. British authorities had previously announced the arrests of two teenagers they allege are LulzSec members T-flow and Topiary.
Lulz Security logo
|Motto||"The world's leaders in high-quality entertainment at your expense", "Laughing at your security since 2011"|
|Extinction||28 June 2011|
|Affiliations||Anonymous, LulzRaft, AntiSec|
At just after midnight (BST, UT+01) on 26 June 2011, LulzSec released a "50 days of lulz" statement, which they claimed to be their final release, confirming that LulzSec consisted of six members, and that their website is to be shut down. This breaking up of the group was unexpected. The release included accounts and passwords from many different sources. Despite claims of retirement, the group committed another hack against newspapers owned by News Corporation on 18 July, defacing them with false reports regarding the death of Rupert Murdoch. The group helped launch Operation AntiSec, a joint effort involving LulzSec, Anonymous, and other hackers.
Background and history
A federal indictment against members contends that, prior to forming the hacking collective known as LulzSec, the six members were all part of another collective called Internet Feds, a group in rivalry with Anonymous. Under this name, the group attacked websites belonging to Fine Gael, HBGary, and Fox Broadcasting Company. This includes the alleged incident in which e-mail messages were stolen from HBGary accounts. In May 2011, following the publicity surrounding the HBGary hacks, six members of Internet Feds founded the group LulzSec.
The group's first recorded attack was against Fox.com's website, though they still may have been using the name Internet Feds at the time. It claimed responsibility for leaking information, including passwords, altering several employees' LinkedIn profiles, and leaking a database of X Factor contestants containing contact information of 73,000 contestants. They claimed to do so because the rapper Common had been referred to as "vile" on air.
LulzSec drew its name from the neologism "lulz", (from lol), "laughing out loud", which represents laughter, and "Sec", short for "Security". The Wall Street Journal characterized its attacks as closer to Internet pranks than serious cyber-warfare, while the group itself claimed to possess the capability of stronger attacks. It gained attention in part due to its brazen claims of responsibility and lighthearted taunting of corporations that were hacked. It frequently referred to Internet memes when defacing websites. The group emerged in May 2011, and successfully attacked websites of several major corporations. It specialized in finding websites with poor security, stealing and posting information from them online. It used well-known straightforward methods, such as SQL injection, to attack its target websites. Several media sources have described their tactics as grey hat hacking. Members of the group may have been involved in a previous attack against the security firm HBGary.
The group used the motto "Laughing at your security since 2011!" and its website, created in June 2011, played the theme from The Love Boat. It announced its exploits via Twitter and its own website, often accompanied with lighthearted ASCII art drawings of boats. Its website also included a bitcoin donation link to help fund its activities. Ian Paul of PC World wrote that, "As its name suggests, LulzSec claims to be interested in mocking and embarrassing companies by exposing security flaws rather than stealing data for criminal purposes." The group was also critical of white hat hackers, claiming that many of them have been corrupted by their employers.
Some in the security community contended that the group raised awareness of the widespread lack of effective security against hackers. They were credited with inspiring LulzRaft, a group implicated in several high-profile website hacks in Canada.
In June 2011 the group took suggestions for sites to hit with denial-of-service attacks. The group redirected telephone numbers to different customer support lines, including the line for World of Warcraft, magnets.com, and the FBI Detroit office. The group claimed this sent five to 20 calls per second to these sources, overwhelming their support officers. On 24 June 2011, The Guardian released leaked logs of one of the group's IRC chats, revealing that the core group was a small group of hackers with a leader Sabu who exercised large control over the group's activities. It also revealed that the group had connections with Anonymous, though was not formally affiliated with it. Some LulzSec members had once been prominent Anonymous members, including member Topiary.
At just after midnight (UTC) on 26 June 2011, LulzSec released a "50 days of lulz" statement, which they claimed to be their final release, confirming that LulzSec consisted of six members, and that their website was to be taken down. The group claimed that they had planned to be active for only fifty days from the beginning. "We're not quitting because we're afraid of law enforcement. The press are getting bored of us, and we're getting bored of us," a group member said in an interview to the Associated Press. Members of the group were reported to have joined with Anonymous members to continue the AntiSec operation. However, despite claiming to retire, the group remained in communication as it attacked the websites of British newspapers The Times and The Sun on 18 July, leaving a false story on the death of owner Rupert Murdoch.
Former members and associates
LulzSec consisted of seven core members. The online handles of these seven were established through various attempts by other hacking groups to release personal information of group members on the internet, leaked IRC logs published by The Guardian, and through confirmation from the group itself.
- Sabu – One of the group's founders, who seemed to act as a kind of leader for the group, Sabu would often decide what targets to attack next and who could participate in these attacks. He may have been part of the Anonymous group that hacked HBGary. Various attempts to release his real identity have claimed that he is an information technology consultant with the strongest hacking skills of the group and a knowledge of the Python programming language. It was thought that Sabu was involved in the media outrage cast of 2010 using the skype "anonymous.sabu" Sabu was arrested in June 2011 and identified as a 29-year-old unemployed man from New York’s Lower East Side. On 15 August, he pleaded guilty to several hacking charges and agreed to cooperate with the FBI. Over the following seven months he successfully unmasked the other members of the group. Sabu was identified by Backtrace Security as Hector Montsegur on 11 March 2011 in a PDF publication named "Namshub." 
- Topiary – Topiary was also a suspected former member of the Anonymous, where he used to perform media relations, including hacking the website of the Westboro Baptist Church during a live interview. Topiary ran the LulzSec Twitter account on a daily basis; following the announcement of LulzSec's dissolution, he deleted all the posts on his Twitter page, except for one, which stated: "You cannot arrest an idea". Police arrested a man from Shetland, United Kingdom suspected of being Topiary on 27 July 2011. The man was later identified as Jake Davis and was charged with five counts, including unauthorized access of a computer and conspiracy. He was indicted on conspiracy charges on 6 March 2012.
- Kayla/KMS – Ryan Ackroyd of London, and another unidentified individual known as "lol" or "Shock.ofgod" in LulzSec chat logs. Kayla owned a botnet used by the group in their distributed denial-of-service attacks. The botnet is reported to have consisted of about 800,000 infected computer servers. Kayla was involved in several high-profile attacks under the group "gn0sis". Kayla also may have participated in the Anonymous operation against HBGary. Kayla reportedly wiretapped 2 CIA agents in an anonymous operation. Kayla was also involved in the 2010 media outrage under the Skype handle "Pastorhoudaille". Kayla is suspected of having been something of a deputy to Sabu and to have found the vulnerabilities that allowed LulzSec access to the United States Senate systems. One of the men behind the handle Kayla was identified as Ryan Ackroyd of London, arrested, and indicted on conspiracy charges on 6 March 2012.
- Tflow – (Real name: Mustafa Al-Bassam) The fourth founding member of the group identified in chat logs, attempts to identify him have labelled him a PHP coder, web developer, and performer of scams on PayPal. The group placed him in charge of maintenance and security of the group's website lulzsecurity.com. London Metropolitan Police announced the arrest of a 16-year-old hacker going by the handle Tflow on 19 July 2011.
- Avunit – He is one of the core seven members of the group, but not a founding member. He left the group after their self-labelled "Fuck the FBI Friday". He was also affiliated with Anonymous AnonOps HQ. Avunit is the only one of the core seven members that has not been identified.
- Pwnsauce – Pwnsauce joined the group around the same time as Avunit and became one of its core members. He was identified as Darren Martyn of Ireland and was indicted on conspiracy charges on 6 March 2012. The Irish national worked as a local chapter leader for the Open Web Application Security Project, resigning one week before his arrest.
- Palladium – Identified as Donncha O'Cearbhaill of Ireland, he was indicted on conspiracy on 6 March 2012.
- Anarchaos – Identified as Jeremy Hammond of Chicago, he was arrested on access device fraud and hacking charges. He was also charged with a hacking attack on the U.S. security company Stratfor in December 2011. He is said to be a member of Anonymous.
- Ryan Cleary, who sometimes used the handle ViraL. Cleary faced a sentence of 32 months in relation to attacks against the US Air Force and others.
Other members still may be active as to this time, they have not yet been identified.
. /$$ /$$ /$$$$$$ .| $$ | $$ /$$__ $$ .| $$ /$$ /$$| $$ /$$$$$$$$| $$ \__/ /$$$$$$ /$$$$$$$ .| $$ | $$ | $$| $$|____ /$$/| $$$$$$ /$$__ $$ /$$_____/ .| $$ | $$ | $$| $$ /$$$$/ \____ $$| $$$$$$$$| $$ .| $$ | $$ | $$| $$ /$$__/ /$$ \ $$| $$_____/| $$ .| $$$$$$$$| $$$$$$/| $$ /$$$$$$$$| $$$$$$/| $$$$$$$| $$$$$$.$ .|________/ \______/ |__/|________/ \______/ \_______/ \_______/ //Laughing at your security since 2011! + __ )| ________________________.------,_ _ _/o|_____/ ,____________.__;__,__,__,__,_Y...:::---===````// #anonymous |==========\ ; ; ; ; ; \__,__\__,_____ --__,-.\ OFF (( #anarchists `----------|__,__/__,__/__/ )=))~(( '-\ THE \\ #antisec \ ==== \ \\~~\\ \ PIGS \\ #lulzsec `| === | ))~~\\ ```"""=,)) #fuckfbifriday | === | |'---') #chingalamigra / ==== / `=====' ´------´
LulzSec did not appear to hack for financial profit, claiming their main motivation was to have fun by causing mayhem. They did things "for the lulz" and focused on the possible comedic and entertainment value of attacking targets. The group occasionally claimed a political message. When they hacked PBS, they stated they did so in retaliation for what they perceived as unfair treatment of WikiLeaks in a Frontline documentary entitled WikiSecrets. A page they inserted on the PBS website included the title "FREE BRADLEY MANNING. FUCK FRONTLINE!" The 20 June announcement of "Operation Anti-Security" contained justification for attacks on government targets, citing supposed government efforts to "dominate and control our Internet ocean" and accusing them of corruption and breaching privacy. The news media most often described them as grey hat hackers.
Karim Hijazi, CEO of security company Unveillance, accused the group of blackmailing him by offering not to attack his company or its affiliates in exchange for money. LulzSec responded by claiming that Hijazi offered to pay them to attack his business opponents and that they never intended to take any money from him. LulzSec has denied responsibility for misuse of any of the data they breached and released. Instead, they placed the blame on users who reused passwords on multiple websites and on companies with inadequate security in place.
In June 2011, the group released a manifesto outlining why they performed hacks and website takedowns, reiterating that "we do things just because we find it entertaining" and that watching the results can be "priceless". They also claimed to be drawing attention to computer security flaws and holes. They contended that many other hackers exploit and steal user information without releasing the names publicly or telling people they may possibly have been hacked. LulzSec said that by releasing lists of hacked usernames or informing the public of vulnerable websites, it gave users the opportunity to change names and passwords elsewhere that might otherwise have been exploited, and businesses would be alarmed and would upgrade their security.
The group's latest attacks have had a more political tone. They claimed to want to expose the "racist and corrupt nature" of the military and law enforcement. They have also expressed opposition to the War on Drugs. Lulzsec's Operation Anti-Security was characterized as a protest against government censorship and monitoring of the internet. In a question and answer session with BBC Newsnight, LulzSec member Whirlpool (AKA: Topiary) said, "Politically motivated ethical hacking is more fulfilling". He claimed the loosening of copyright laws and the rollback of what he sees as corrupt racial profiling practices as some of the group's goals.
The group's first attacks came in May 2011. Their first recorded target was Fox.com, which they retaliated against after they called Common, a rapper and entertainer, "vile" on the Fox News Channel. They leaked several passwords, LinkedIn profiles, and the names of 73,000 X Factor contestants. Soon after on 15 May, they released the transaction logs of 3,100 Automated Teller Machines in the United Kingdom. In May 2011, members of Lulz Security gained international attention for hacking the American Public Broadcasting System (PBS) website. They stole user data and posted a fake story on the site which claimed that Tupac Shakur and Biggie Smalls were still alive and living in New Zealand. In the aftermath of the attack, CNN referred to the responsible group as the "Lulz Boat".
Lulz Security claimed that some of its hacks, including its attack on PBS, were motivated by a desire to defend WikiLeaks and Chelsea Manning. A Fox News report on the group quoted one commentator, Brandon Pike, who claimed that Lulz Security was affiliated with the hacktivist group Anonymous. Lulz Security claimed that Pike had actually hired it to hack PBS. Pike denied the accusation and claimed it was leveled against him because he said Lulz Security was a splinter of Anonymous.
In June 2011, members of the group claimed responsibility for an attack against Sony Pictures that took data that included "names, passwords, e-mail addresses, home addresses and dates of birth for thousands of people." The group claimed that it used a SQL injection attack, and was motivated by Sony's legal action against George Hotz for jailbreaking the PlayStation 3. The group claimed it would launch an attack that would be the "beginning of the end" for Sony. Some of the compromised user information was subsequently used in scams. The group claimed to have compromised over 1,000,000 accounts, though Sony claimed the real number was around 37,500.
Lulz Security attempted to hack into Nintendo, but both the group and Nintendo itself report that no particularly valuable information was found by the hackers. LulzSec claimed that it did not mean to harm Nintendo, declaring: "We're not targeting Nintendo. We like the N64 too much — we sincerely hope Nintendo plugs the gap."
On 11 June, reports emerged that LulzSec hacked into and stole user information from the pornography website www.pron.com. They obtained and published around 26,000 e-mail addresses and passwords. Among the information stolen were records of two users who subscribed using email addresses associated with the Malaysian government, three users who subscribed using United States military email addresses and 55 users who LulzSec claimed were administrators of other adult-oriented websites. Following the breach, Facebook locked the accounts of all users who had used the published e-mail addresses, and also blocked new Facebook accounts opened using the leaked e-mail addresses, fearing that users of the site would get hacked after LulzSec encouraged people to try and see if these people used identical user name and password combinations on Facebook as well.
LulzSec hacked into the Bethesda Game Studios network and posted information taken from the network onto the Internet, though they refrained from publishing 200,000 compromised accounts. LulzSec posted to Twitter regarding the attack, "Bethesda, we broke into your site over two months ago. We've had all of your Brink users for weeks, Please fix your junk, thanks!"
On 14 June 2011, LulzSec took down four websites by request of fans as part of their "Titanic Take-down Tuesday". These websites were Minecraft, League of Legends, The Escapist, and IT security company FinFisher. They also attacked the login servers of the massively multiplayer online game EVE Online, which also disabled the game's front-facing website, and the League of Legends login servers. Most of the takedowns were performed with distributed denial-of-service attacks. On 15 June, LulzSec took down the main server of S2 Games' Heroes of Newerth as another phone request. They claimed, "Heroes of Newerth master login server is down. They need some treatment. Also, DotA is better."
On 16 June, LulzSec posted a random assortment of 62,000 emails and passwords to MediaFire. LulzSec stated they released this in return for supporters flooding the 4chan /b/ board. The group did not say what websites the combinations were for and encouraged followers to plug them into various sites until they gained access to an account. Some reported gaining access to Facebook accounts and changing images to sexual content and others to using the Amazon.com accounts of others to purchase several books. Writerspace.com, a literary website, later admitted that the addresses and passwords came from users of their site.
LulzSec claimed to have hacked local InfraGard chapter sites, a non-profit organization affiliated with the FBI. The group leaked some of InfraGard member e-mails and a database of local users. The group defaced the website posting the following message, "LET IT FLOW YOU STUPID FBI BATTLESHIPS", accompanied with a video. LulzSec posted:
It has come to our unfortunate attention that NATO and our good friend Barrack Osama-Llama 24th-century Obama [sic] have recently upped the stakes with regard to hacking. They now treat hacking as an act of war. So, we just hacked an FBI affiliated website (Infragard, specifically the Atlanta chapter) and leaked its user base. We also took complete control over the site and defaced it[.]
On 9 June, LulzSec sent an email to the administrators of the British National Health Service, informing them of a security vulnerability discovered in NHS systems. LulzSec stated that they did not intend to exploit this vulnerability, saying in the email that "We mean you no harm and only want to help you fix your tech issues."
On 13 June, LulzSec released the e-mails and passwords of a number of users of senate.gov, the website of the United States Senate. The information released also included the root directory of parts of the website. LulzSec stated, "This is a small, just-for-kicks release of some internal data from senate.gov – is this an act of war, gentlemen? Problem?" referencing a recent statement by the Pentagon that some cyberattacks could be considered an act of war. No highly sensitive information appears in the release.
On 15 June, LulzSec launched an attack on CIA.gov, the public website of the United States Central Intelligence Agency, taking the website offline with a distributed denial-of-service attack. The website was down from 5:48 pm to 8:00 pm eastern time.
On 2 December, an offshoot of LulzSec calling itself LulzSec Portugal, attacked several sites related to the government of Portugal. The websites for the Bank of Portugal, the Assembly of the Republic, and the Ministry of Economy, Innovation and Development all became unavailable for a few hours.
On 20 June, the group announced it had teamed up with Anonymous for "Operation Anti-Security". They encouraged supporters to steal and publish classified government information from any source while leaving the term "AntiSec" as evidence of their intrusion. Also listed as potential targets were major banks. USA Today characterized the operation as an open declaration of cyberwarfare against big government and corporations. Their first target of the operation was the Serious Organised Crime Agency (SOCA), a national law enforcement agency of the United Kingdom. LulzSec claimed to have taken the website offline at about 11 am EST on 20 June 2011, though it only remained down for a few minutes. While the attack appeared to be a DDoS attack, LulzSec tweeted that actual hacking was taking place "behind the scenes". At about 6:10 pm EST on 20 June, SOCA's website went down yet again. SOCA's website was back online sometime between 20 and 21 June. The website of the local district government of Jianhua District in Qiqihar, China, was also knocked offline. Early in the morning on 22 June, it was revealed that LulzSec's "Brazilian unit" had taken down two Brazilian government websites, brasil.gov.br and presidencia.gov.br. They also brought down the website of Brazilian energy company Petrobras.
On 20 June, two members on the "Lulz Boat" reportedly leaked logs that LulzSec was going to leak on 21 June. They also claimed that the two had leaked information that aided authorities in locating and arresting Ryan Cleary, a man loosely affiliated with the group. LulzSec posted various personal information about the two on Pastebin including IP addresses and physical addresses. Both had been involved with cyber-crimes in the past, and one had been involved with hacking the game Deus Ex.[not in citation given]
After LulzSec encouragement, some began tagging public locations with physical graffiti reading "Antisec" as part of the operation. Numerous beachfronts in Mission Beach, San Diego were vandalized with the phrase. Some local news organizations mistook the graffiti in Mission Beach as signs of the Antisec Movement. Many commenters on the local news websites corrected this.
On 23 June, LulzSec released a number of documents pertaining to the Arizona Department of Public Safety, which they titled "chinga la migra", which roughly translates to "fuck the border patrol". The leaked items included email addresses and passwords, as well as hundreds of documents marked "sensitive" or "for official use only". LulzSec claimed that this was in protest of the law passed in Arizona requiring some aliens to carry registration documents at all times. Arizona officials have confirmed the intrusion. Arizona police have complained that the release of officer identities and the method used to combat gangs could endanger the lives of police officers.
On 24 June 2011, LulzSecBrazil published what they claimed were access codes and passwords that they used to access the Petrobras website and employee profile data they had taken using the information. Petrobras denied that any data had been stolen, and LulzSecBrazil removed the information from their Twitter feed a few hours later. The group also released personal information regarding President of Brazil Dilma Rousseff and Mayor of São Paulo Gilberto Kassab.
On 25 June 2011, LulzSec released what they described as their last data dump. The release contained an enormous amount of information from various sources. The files contained a half gigabyte of internal information from telecommunication company AT&T, including information relating to its release of 4G LTE and details pertaining to over 90,000 personal phones used by IBM. The IP addresses of several large corporations including Sony, Viacom, and Disney, EMI, and NBC Universal were included. It also contained over 750,000 username and password combinations from several websites, including 200,000 email addresses, usernames, and encrypted passwords from hackforums.net; 12,000 names, usernames, and passwords of the NATO online bookshop; half a million usernames and encrypted passwords of players of the online game Battlefield Heroes; 50,000 usernames, email addresses, and encrypted passwords of various video game forum users; and 29 users of Priority Investigations, an Irish private investigation company. Also included were an internal manual for AOL engineering staff and a screencapture of a vandalized page from navy.mil, the website of the United States Navy. Members of the group continued the operation with members of Anonymous after disbanding.
Despite claiming to have retired, on 18 July LulzSec hacked into the website of British newspaper The Sun. The group redirected the newspaper's website to an also-hacked redesign website of another newspaper The Times, altering the site to resemble The Sun and posting a fake story claiming that Rupert Murdoch had died after ingesting a fatal dose of palladium. They objected to the involvement of News Corporation, the Murdoch-owned company that publishes The Sun and The Times, in a large phone hacking scandal. The hacked website also contained a webcomic depicting LulzSec deciding on and carrying out the attack. The group later redirected The Sun website to their Twitter feed. News International released a statement regarding the attacks before having the page the statement appeared on also redirected to the LulzSec Twitter page and eventually taken offline. The group also released the names and phone numbers of a reporter for The Sun and two others associated with the newspaper and encouraged their supporters to call them. In recent times NovaCygni of AntiSec has openly touted that the news channel Russian Television (RT) has openly stated support for the Anonymous movement and that at least one reporter for them is an active member of Anonymous. They further included an old email address and password of former News International executive Rebekah Brooks. News Corporation took the websites offline as a precaution later in the day.
The media reported a number of attacks, originally attributed to LulzSec, that the group later denied involvement in. On 21 June, someone claiming to be from the group posted on Pastebin that they had stolen the entire database of the United Kingdom Census 2011. LulzSec responded by saying that they had obtained no such data and that whoever posted the notice was not from the group. British officials said they were investigating the incident, but have found no evidence that any databases had been compromised or any information taken. The British government, upon concluding their investigation, called the claims that any information on the census was taken a hoax.
In June 2011, assets belonging to newspaper publisher News International were attacked, apparently in retaliation for reporting by The Sun of the arrest of Ryan Cleary, an associate of the group. The newspaper's website and a computer used in the publishing process of The Times were attacked. However, LulzSec denied any involvement, stating "we didn't attack The Sun or The Times in any way with any kind of DDoS attack". Members of AntiSec based in Essex England claimed responsibility for the attack.
Hacker actions against LulzSec
A number of different hackers have targeted LulzSec and its members in response to their activities. On 23 June 2011, Fox News reported that rival hacker group TeaMp0isoN were responsible for outing web designer Sven Slootweg, who they said used the online nickname Joepie91, and that they have intentions to do the same with every member. A Pastebin post in June 2011 from hacker KillerCube identified LulzSec leader Sabu as Hector Xavier Monsegur, an identification later shown to be accurate.
A group calling themselves Team Web Ninjas appeared in June 2011 saying they were angry over the LulzSec release of the e-mail addresses and passwords of thousands of normal Internet users. They attempted to publicly identify the online and real world identities of LulzSec leadership and claimed to do so on behalf of the group's victims. The group claimed to have identified and given to law enforcement the names of a number of the group's members, including someone they claimed is a United States Marine.
The Jester, a hacker who generally went by the leetspeak handle
th3j35t3r, vowed to find and expose members of LulzSec. Claiming to perform hacks out of a sense of American patriotism, he attempted to obtain and publish the real world personally identifiable information of key members, whom he described as "childish". On 24 June 2011, he claimed to have revealed the identity of LulzSec leader Sabu as an information technology consultant possibly from New York City. On 24 June 2011, a hacker allegedly going by the name Oneiroi briefly took down the LulzSec website in what he labelled "Operation Supernova". The Twitter page for the group also briefly became unavailable.
On 24 June 2011, The Guardian published leaked logs from one of the group's IRC channels. The logs were originally assumed to have been leaked by a disillusioned former member of the group who went by the nickname m_nerva, yet fellow hacker Michael Major, known by his handle 'hann', later claimed responsibility. After confirming that the leaked logs were indeed theirs, and that the logs revealed personal information on two members who had recently left the group due to the implications of attacking the FBI website, LulzSec went on to threaten m_nerva on their Twitter feed. LulzSec claimed the logs were not from one of their core chatting channels, but rather a secondary channel used to screen potential backups and gather research.
A short time before LulzSec claimed to be disbanding, a group calling itself the A-Team posted what they claimed was a full list of LulzSec members online along with numerous chat logs of the group communicating with each other. A rival hacker going by the name of TriCk also claimed to be working to reveal the group's identities and claimed that efforts on the part of rival hackers had pushed the group to disband for fear of being caught.
Law enforcement response
On 21 June 2011, the London Metropolitan Police announced that they had arrested a 19-year-old man from Wickford, Essex, named by LulzSec and locally as Ryan Cleary, as part of an operation carried out in cooperation with the FBI. The suspect was arrested on charges of computer misuse and fraud, and later charged with five counts of computer hacking under the Criminal Law Act and the Computer Misuse Act. News reports described him as an alleged member of LulzSec. LulzSec denied the man arrested was a member. A member of LulzSec claimed that the suspect was not part of the group, but did host one of its IRC channels on his server. British police confirmed that he was being questioned regarding alleged involvement in LulzSec attacks against the Serious Organized Crime Agency (SOCA) and other targets. They also questioned him regarding an attack on the International Federation of the Phonographic Industry in November 2010. On 25 June 2011 the court released Cleary under the bail conditions that he not leave his house without his mother and not use any device connected to the internet. He was diagnosed the previous week with Asperger syndrome. In June 2012 Cleary, together with another suspected LulzSec member, 19-year old Jake Davis, pleaded guilty conspiring to attack government, law enforcement and media websites in 2011.
At around the same time as Cleary's arrest, Federal Bureau of Investigation agents raided the Reston, Virginia facility of Swiss web hosting service DigitalOne. The raid took several legitimate websites offline for hours as the agency looked for information on an undisclosed target. Media reports speculated the raid may have been related to the LulzSec investigation.
A few days before LulzSec disbanded, the FBI executed a search warrant on an Iowa home rented by Laurelai Bailey. Authorities interviewed her for five hours and confiscated her hard drives, camera, and other electronic equipment, but no charges were filed. Bailey denied being a member of the group, but admitted chatting with members of LulzSec online and later leaking those chats. The FBI was interested in having her infiltrate the group, but Bailey claimed the members hated her and would never let her in. The questioning by the FBI led a local technical support company to fire Laurelai, claiming she embarrassed the company.
On 27 June 2011, the FBI executed another search warrant in Hamilton, Ohio. The local media connected the raid to the LulzSec investigation; however, the warrant was sealed, the name of the target was not revealed, and the FBI office in Cincinnati refused to comment on any possible connection between the group and the raid. No one was charged with a crime after the FBI served the warrant. Some reports suggested the house may have belonged to former LulzSec member m_nerva, whom was originally suspected of leaking a number of the group's logs to the press, and information leading to the warrant supplied by Ryan Cleary.
On 19 July 2011, the London Metropolitan Police announced the arrest of LulzSec member Tflow. A 16-year-old male was arrested in South London on charges of violating the Computer Misuse Act, as part of an operation involving the arrest of several other hackers affiliated with Anonymous in the United States and United Kingdom. LulzSec once again denied that any of their membership had been arrested, stating "there are seven of us, and we're all still here."
On the same day the FBI arrested 21-year-old Lance Moore in Las Cruces, New Mexico, accusing him of stealing thousands of documents and applications from AT&T that LulzSec published as part of their so called "final release".
The Police Central E-Crime Unit arrested an 18-year-old man from Shetland on 27 July 2011 suspected of being LulzSec member Topiary. They also searched the house of a 17-year-old from Lincolnshire possibly connected to the investigation, interviewing him. Scotland Yard later identified the man arrested as Yell, Shetland resident Jake Davis. He was charged with unauthorized access of a computer under the Computer Misuse Act 1990, encouraging or assisting criminal activity under the Serious Crime Act 2007, conspiracy to launch a denial-of-service attack against the Serious Organised Crime Unit contrary to the Criminal Law Act 1977, and criminal conspiracy also under the Criminal Law Act 1977. Police confiscated a Dell laptop and a 100-gigabyte hard drive that ran 16 different virtual machines. Details relating to an attack on Sony and hundreds of thousands of email addresses and passwords were found on the computer. A London court released Davis on bail under the conditions that he live under curfew with his parents and have no access to the internet. His lawyer Gideon Cammerman stated that, while his client did help publicize LulzSec and Anonymous attacks, he lacked the technical skills to have been anything but a sympathizer.
In early September 2011, Scotland Yard made two further arrests relating to LulzSec. Police arrested a 24-year-old male in Mexborough, South Yorkshire and a 20-year-old male in Warminster, Wiltshire. The two were accused of conspiring to commit offenses under the Computer Misuse Act of 1990; police said that the arrests related to investigations into LulzSec member Kayla.
On 22 September 2011, the FBI arrested Cody Kretsinger, a 23-year-old from Phoenix, Arizona who was indicted on charges of conspiracy and the unauthorized impairment of a protected computer. He is suspected of using the name "recursion" and assisting LulzSec in their early hack against Sony Pictures Entertainment, though he allegedly erased the hard drives he used to carry out the attack. Kretsinger was released on his own recognizance under the conditions that he not access the internet except while at work and that he not travel to any states other than Arizona, California, or Illinois. The case against him was filed in Los Angeles, where Sony Pictures is located. Kretsinger pleaded guilty on 5 April 2012 to one count of conspiracy and one count of unauthorized impairment of a protected computer. On 19 April 2013, Kretsinger was sentenced for the "unauthorized impairment of protected computers" to one year in federal prison, one year of home detention following the completion of his prison sentence, a fine of $605,663 in restitution to Sony Pictures and 1000 hours of community service.
On 8 August 2013, Raynaldo Rivera, age 21, known by the online moniker “neuron,” of Chandler, Arizona, was sentenced to one year and one day in federal prison by United States District Judge John A. Kronstadt. In addition to the prison sentence, Judge Kronstadt ordered Rivera to serve 13 months of home detention, to perform 1,000 hours of community service and to pay $605,663 in restitution to Sony Pictures.
On 6 March 2012, two men from Great Britain, one from the United States, and two from Ireland were charged in connection to their alleged involvement with LulzSec. The FBI revealed that supposed LulzSec leader Hector Xavier Monsegur, who went by the username Sabu, had been aiding law enforcement since pleading guilty to twelve counts, including conspiracy and computer hacking, on 15 August 2011 as part of a plea deal. In exchange for his cooperation, federal prosecutors agreed not to prosecute Monsegur for his computer hacking, and also not to prosecute him for two attempts to sell marijuana, possession of an illegal handgun, purchasing stolen property, charging $15,000 to his former employer's credit card in a case of identity theft, and directing people to buy prescription drugs from illegal sources. He still faces a misdemeanor charge of impersonating a federal agent. Five suspects were charged with conspiracy: Jake Davis, accused of being the hacker "Topiary" (who had been previously arrested); Ryan Ackroyd of London, accused of being "Kayla"; Darren Martyn of Ireland, accused of being "pwnsauce"; Donncha O’Cearrbhail of Ireland, accused of being "palladium"; and Jeremy Hammond of Chicago, accused of being "Anarchaos". While not a member of LulzSec, authorities suspect Hammond of being a member of Anonymous and charged him with access device fraud and hacking in relation to his supposed involvement in the December 2011 attack on intelligence company Stratfor as part of Operation AntiSec.
On 24 April 2013, Australian Federal Police arrested 24-year-old Matthew Flannery of Point Clare, who boasted on Facebook "I’m the leader of LulzSec". Flannery, who went by the username Aush0k, was arrested for the alleged hacking of the Narrabri Shire Council website on which homepage sexually explicit text and an image were left. On 27 August 2014, Flannery entered guilty pleas to five charges of making unauthorised modification of data to cause impairment, and dishonestly obtaining the Commonwealth Bank details of a woman. Flannery, who said the reference to LulzSec was a joke, lost his job of computer technician in a security company. On 16 October 2014, he was sentenced to 15 months of house arrest which continues until mid-April 2016, alongside a 12 months good behaviour bond.
- Weisenthal, Joe (25 June 2011). "Notorious Hacker Group LulzSec Just Announced That It's Finished". Business Insider. Silicon Alley Insider. Archived from the original on 25 June 2011. Retrieved 25 June 2011.
- "LulzSec hackers claim CIA website shutdown". BBC. 16 June 2011. Retrieved 17 June 2011.
- "Is There a Hacking Epidemic?".
- Svensson, Peter (27 June 2011). "Parting is such tweet sorrow for hacker group". The Sydney Morning Herald. The Sydney Morning Herald. Retrieved 29 June 2011.
- United States District Court for the Southern District of New York (13 March 2012). "United States v. Ackroyd et al" (PDF). New York City: Wired. pp. 1–13. Archived from the original (PDF) on 14 March 2012. Retrieved 14 March 2012.
- "Who is LulzSec, Hacker of PBS? Are they hacking Sony again?". International Business Times. Retrieved 3 June 2011.
- Poulsen, Kevin (2 June 2011). "Sony Hit Yet Again; Consumer Passwords Exposed". Wired. Retrieved 3 June 2011.
- "A Brief History of the LulzSec Hackers". New York City: Fox News Channel. 21 June 2011. Archived from the original on 21 June 2011. Retrieved 21 June 2011.
- Morse, Andrew; Sherr, Ian (6 June 2011). "For Some Hackers, The Goal Is Just To Play A Prank". The Wall Street Journal. p. B1. Retrieved 6 June 2011.
- "LulzSec threatens governments". RT. 21 June 2011. Archived from the original on 25 June 2011. Retrieved 22 June 2011.
- "Q&A: Lulz Security". BBC. 6 June 2011. Retrieved 6 June 2011.
- Mitchell, Dan (9 June 2011). "Yet another hack, yet another delay in reporting it". CNN Money. Retrieved 11 June 2011.
- Raywood, Dan (10 June 2011). "Security expert publicly backs 'grey hats' such as LulzSec, saying that public disclosure will help businesses". SC Magazine. Archived from the original on 11 June 2011. Retrieved 11 June 2011.
- Acohido, Byron (20 June 2011). "Who's who among key LulzSec hackitivists". USA Today. Retrieved 21 June 2011.
- Olson, Parmy (6 June 2011). "LulzSec Hackers Post Sony Dev. Source Code, Get $7K Donation". Forbes. Retrieved 7 June 2011.
- Paul, Ian. "Lulz Boat Hacks Sony's Harbor: FAQ." PC World. 3 June 2011. Retrieved on 6 June 2011.
- Ragan, Steve (8 June 2011). "One month later – LulzSec continues their personal brand of comedy". The Tech Herald. Archived from the original on 11 June 2011. Retrieved 9 June 2011.
- Beltrame, Julian (8 June 2011). "Hacker without a cause scores with Harper 'breakfast incident' hoax". The Canadian Press. Retrieved 10 June 2011.
- Boscker, Bianca (15 June 2011). "LulzSec Hacker Group Now Taking Requests". The Huffington Post. New York City. AOL. Archived from the original on 15 June 2011. Retrieved 15 June 2011.
- Albanesius, Chloe (15 June 2011). "LulzSec Call-In Line Taking Hacking Requests". PC Magazine. Archived from the original on 15 June 2011. Retrieved 15 June 2011.
- Gallagher, Ryan (24 June 2011). "Inside LulzSec: Chatroom logs shine a light on the secretive hackers". The Guardian. London. Archived from the original on 25 June 2011. Retrieved 25 June 2011.
- Weisenthal, Joe (25 June 2011). "Notorious Hacker Group LulzSec Just Announced That It's Finished". Business Insider. Archived from the original on 25 June 2011. Retrieved 25 June 2011.
- Moyer, Edward (25 June 2011). "Hacking group LulzSec says it's calling it quits". CNET.com. CBS Interactive. Archived from the original on 26 June 2011. Retrieved 26 June 2011.
- Svensson, Peter (26 June 2011). "Hacker group LulzSec says it's disbanding". USA Today. Associated Press. Retrieved 27 June 2011.
- Olivarez-Giles, Nathan (29 June 2011). "AntiSec 'hackers without borders' claim new hack on Arizona state police". Los Angeles Times. Los Angeles. Archived from the original on 30 June 2011. Retrieved 30 June 2011.
- Gayomail, Chris (18 July 2011). "LulzSec Hacks 'News of the World' and 'The Sun,' Plants Fake Murdoch Death Story". Time. Archived from the original on 18 July 2011. Retrieved 18 July 2011.
- Poeter, Damon (2 July 2011). "Who Is LulzSec?". PC Magazine. Ziff Davis. pp. 1–9. Archived from the original on 5 July 2011. Retrieved 5 July 2011.
- "Infamous international hacking group LulzSec brought down by own leader". Fox News. 6 March 2012.
- "Criminal Indictment Against Sabu (original document)".
- "Chats, Car Crushes and Cut 'N Paste Sowed Seeds Of LulzSec's Demise" Archived 27 February 2013 at the Wayback Machine
- Goodman, William (24 February 2011). "Video: Anonymous hacks Westboro Baptist Church website during on-air confrontation". CBS News. New York City. CBS. Archived from the original on 5 July 2011. Retrieved 5 July 2011.
- Olson, Parmy (2012). We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous and the Global Cyber Insurgency. Little, Brown. ISBN 978-0-316-21354-7.
- "Twitter". Twitter. 2 January 2011. Retrieved 20 December 2011.
- "Man arrested over computer hacking claims". BBC News. London. BBC. 27 July 2011. Archived from the original on 27 July 2011. Retrieved 27 July 2011.
- "LulzSec: Shetland teen charged over computer hacking claims". BBC News. London. BBC. 31 July 2011. Archived from the original on 31 July 2011. Retrieved 31 July 2011.
- Winter, Jana (6 March 2012). "Infamous international hacking group LulzSec brought down by own leader". Fox News Channel. New York City. Archived from the original on 13 March 2012. Retrieved 13 March 2012.
- Kaplan, Jeremy (19 July 2011). "Leading Member of LulzSec Hacker Squad Arrested in London". Fox News Channel. New York City. Archived from the original on 20 July 2011. Retrieved 20 July 2011.
- "Accused Irish LulzSec hacker worked in security". MSNBC. New York City. NBCUniversal. 9 March 2012. Archived from the original on 14 March 2012. Retrieved 14 March 2012.
- "LulzSec 'hacktivists' handed long jail sentences for hacking". London. The Guardian. 16 May 2013.
- LulzSec (24 June 2011). "Chinga La Migra (download torrent)". The Pirate Bay. Retrieved 25 June 2011.
- "Chinga La Migra bulletin No.1" (.txt). lulzsecurity.com. 23 June 2011. Retrieved 25 June 2011.
- Adam Clark Estes. "LulzSec Document Release Targets Arizona Border Patrol". The Atlantic Wire.
- Downie, James (14 June 2011). "Hacking For Fun More Than Profit". The New Republic. Washington, D.C. Mike Rancilio. Archived from the original on 20 June 2011. Retrieved 20 June 2011.
- Taylor, Jerome (16 June 2011). "Who are the group behind this week's CIA hack?". The Independent. London. Independent Print Limited. Archived from the original on 20 June 2011. Retrieved 20 June 2011.
- Murphy, David (19 June 2011). "Three Reasons to Fear Lulzsec: Sites, Skills, and Slant". PC Magazine. Archived from the original on 20 June 2011. Retrieved 20 June 2011.
- Poulsen, Kevin (30 May 2011). "Hacktivists Scorch PBS in Retaliation for WikiLeaks Documentary". Wired. Archived from the original on 20 June 2011. Retrieved 20 June 2011.
- Ross, Nick (20 June 2011). "Lulzsec teams up with Anonymous". ABC Online. Australian Broadcasting Corporation. Retrieved 20 June 2011.
- Chapman, Stephen (22 June 2011). "LulzSec: Doing it more for the money than the lulz?". ZDNet. CBS Interactive. Archived from the original on 22 June 2011. Retrieved 22 June 2011.
- Ragan, Steve (6 June 2011). "Unveillance faces troubled waters in the wake of LulzSec visit". The Tech Herald. Archived from the original on 22 June 2011. Retrieved 22 June 2011.
- "Lulz? Sony hackers deny responsibility for misuse of leaked data". Ars Technica. Condé Nast Publications. 4 June 2011. Archived from the original on 20 June 2011. Retrieved 20 June 2011.
- Anderson, Nate (18 June 2011). "LulzSec manifesto: "We screw each other over for a jolt of satisfaction"". Ars Technica. Condé Nast Publications. Archived from the original on 20 June 2011. Retrieved 20 June 2011.
- Poulsen, Kevin (24 June 2011). "LulzSec Releases Arizona Police Documents". Wired. Archived from the original on 24 June 2011. Retrieved 24 June 2011.
- Stevenson, Alastair (22 June 2011). "Operation Anti-Security: Anonymous yet to act while LulzSec rampage". International Business Times. New York City. Archived from the original on 24 June 2011. Retrieved 24 June 2011.
- Watts, Susan (24 June 2011). "Newsnight online 'chat' with Lulz Security hacking group". London: BBC News. BBC. Archived from the original on 30 June 2011. Retrieved 30 June 2011.
- CNN Wire Staff. "Hackers pirate PBS website, post fake story about Tupac still alive". CNN. Retrieved 3 June 2011.
- Olson, Parmy (31 May 2011). "Interview With PBS Hackers: We Did It For 'Lulz And Justice'". Forbes. Retrieved 3 June 2011.
- Kaplan, Jeremy (2 June 2011). "Group Claims It Was 'Paid to Hack PBS,' Then Leaks a Million Sony User IDs". Fox News. Retrieved 3 June 2011.
- Pepitone, Julianne (2 June 2011). "Group claims fresh hack of 1 million Sony accounts Money". CNN. Retrieved 3 June 2012.[permanent dead link]
- Ogg, Erica. "Hackers steal more customer info from Sony servers". CNET. Retrieved 3 June 2012.
- Reisinger, Don. "Tupac hackers to Sony: 'Beginning of the end'". CNET. Retrieved 3 June 2012.
- Ars Staff. "Lulz? Sony hackers deny responsibility for misuse of leaked data". Ars Technica. Retrieved 3 June 2012.
- Olivarez-Giles, Nathan (9 June 2012). "Sony Pictures says LulzSec hacked 37,500 user accounts, not 1 million". Los Angeles Times. Los Angeles. Archived from the original on 12 June 2011. Retrieved 12 June 2012.
- Murphy, David (5 June 2012). "LulzSec Hacks Nintendo: No User Information Released". PCMag. Retrieved 5 June 2011.
- Tabuchi, Hiroko (5 June 2012). "Nintendo Is Hit by Hackers, but Breach Is Deemed Minor". New York Times. Retrieved 5 June 2011.
- Thomas, Keir (11 June 2012). "Porn Site Users Beware: Hacker Group LulzSec May Have Posted Your Email Address". PC World. Archived from the original on 11 June 2011. Retrieved 11 June 2012.
- Albanesius, Chloe (13 June 2012). "LulzSec Targets Bethesda Softworks, Porn Site". PC magazine. Retrieved 13 June 2012.
- Ben, Kuchera. "LulzSec hackers demand hats, threaten release of Brink user data". Ars Technica. Retrieved 13 June 2012.
- Bright, Peter (14 June 2011). "Titanic Takeover Tuesday: LulzSec's busy day of hacking escapades". Ars Technica. Archived from the original on 14 June 2011. Retrieved 14 June 2011.
- Peckham, Matt (14 June 2011). "LulzSec Knocks 'Minecraft,' 'EVE Online,' 'League Of Legends' and 'The Escapist' Offline". Time. New York City. Archived from the original on 14 June 2011. Retrieved 14 June 2011.
- LulzSec. "Tweet 81036958826102784". Twitter. Retrieved 15 June 2011.
- LulzSec. "Tweet 81327464156119040". Twitter. Retrieved 16 June 2012.
- Kobie, Nicole (16 June 2011). "LulzSec hackers leak 62,000 email logins". PC Pro. Archived from the original on 16 June 2011. Retrieved 16 June 2012.
- Dunn, John (19 June 2011). "LulzSec Hacker Victims Alerted". PC World. IDG. Archived from the original on 19 June 2011. Retrieved 19 June 2011.
- "LulzSec claims to have hacked FBI-affiliated website". LA Times. Retrieved 11 November 2017.
- Read, Max. "LulzSec Hackers Go After FBI Affiliates". Gawker. Archived from the original on 6 June 2011. Retrieved 4 June 2012.
- "Hackers warn NHS over security". BBC. 9 June 2012. Retrieved 9 June 2012.
- Ogg, Erica (13 June 2012). "LulzSec targets videogame maker ZeniMax Media". CNET.com. CBS Interactive. Archived from the original on 13 June 2011. Retrieved 13 June 2011.
- Morse, Andrew (13 June 2012). "LulzSec Hacker Group Claims Attack On US Senate Website". The Wall Street Journal. Archived from the original on 13 June 2011. Retrieved 13 June 2011.
- "CIA website hacked; LulzSec takes credit (again)". Consumer Reports. 16 June 2012. Archived from the original on 16 June 2011. Retrieved 16 June 2011.
- Nakashima, Ellen (15 June 2012). "CIA Web site hacked; group LulzSec takes credit". The Washington Post. Archived from the original on 16 June 2011. Retrieved 16 June 2011.
- "Hackers voltam a atacar sites portugueses". TVI 24 (in Portuguese). Televisão Independente. 2 December 2012. Archived from the original on 3 December 2011. Retrieved 3 December 2012.
- Acohido, Byron (20 June 2011). "LulzSec, Anonymous declare war against governments, corporations". USA Today. Archived from the original on 20 June 2011. Retrieved 20 June 2011.
- Meyer, David (20 June 2011). "LulzSec claims Soca hack". ZDNet. CBS Interactive. Archived from the original on 20 June 2011. Retrieved 20 June 2011.
- "Soca website taken down after LulzSec 'Ddos attack'". BBC. 20 June 2011. Retrieved 20 June 2011.
- Henderson, Nicole (21 June 2011). "SOCA Website Back Online After LulzSec DDoS Attack". Web Host Industry Review. Archived from the original on 24 June 2011. Retrieved 21 June 2011.
- Ragan, Steve (21 June 2011). "LulzSec and Anonymous: Hunting for skeletons hidden in closets". The Tech Herald. Archived from the original on 21 June 2011. Retrieved 21 June 2011.
- Emery, Daniel (22 June 2011). "LulzSec hits Brazilian websites". BBC. Retrieved 22 June 2011.
- Clark, Jack (22 June 2011). "LulzSec takes down Brazil government sites". CNet. Retrieved 22 June 2011.
- McMillan, Robert (22 June 2011). "Brazilian Government, Energy Company Latest LulzSec Victims". PC World. Archived from the original on 22 June 2011. Retrieved 22 June 2011.
- Rodriguez, Salvador (21 June 2011). "LulzSec says it's outing two who may have led to arrest of an alleged hacker". Los Angeles Times. Los Angeles. Archived from the original on 22 June 2011. Retrieved 22 June 2011.
- Aamoth, Doug (21 June 2011). "Trouble in Paradise? LulzSec Outs Two Apparent 'Snitches'". TechLand (Time Magazine). Retrieved 21 June 2011.
- Gayathri, Amrutha (21 June 2011). "Operation Anti-Security: Mysterious serial graffiti reported; LulzSec gaining mass support?". International Business Times. New York City. Archived from the original on 21 June 2011. Retrieved 21 June 2011.
- ""Anti-Sec" group spreads message through graffiti in Mission Beach". CBS 8. 20 June 2011. Retrieved 21 June 2011.
- Tsotsis, Alexia (23 June 2011). "LulzSec Releases Arizona Law Enforcement Data In Retaliation For Immigration Law". TechCrunch. Retrieved 23 June 2011.
- Aamoth, Doug (23 June 2011). "LulzSec Claims Breach Against Arizona Law Enforcement". Techland (Time). Retrieved 23 June 2011.
- Lohr, Steve (23 June 2011). "Arrest Puts Spotlight on Brazen Hacking Group LulzSec". The New York Times. Archived from the original on 24 June 2011. Retrieved 24 June 2011.
- Poeter, Damon (24 June 2011). "Will LulzSec's Hit on Arizona Cops be its Last Hurrah?". PC Magazine. Archived from the original on 25 June 2011. Retrieved 25 June 2011.
- Rapoza, Kenneth (25 June 2011). "LulzSec Strikes Brazil Again; Petrobras Denies Being Hacked". Forbes. New York City. Archived from the original on 26 June 2011. Retrieved 26 June 2011.
- Lopez, Luciana; Brian Ellsworth (24 June 2011). Anthony Boadle (ed.). "Hackers target Brazilian statistics agency". London. Reuters. Archived from the original on 26 June 2011. Retrieved 26 June 2011.
- Greenberg, Andy (25 June 2011). "LulzSec Says Goodbye, Dumping NATO, AT&T, Gamer Data". Forbes. New York City. Archived from the original on 26 June 2011. Retrieved 26 June 2011.
- Whittaker, Zack (25 June 2011). "LulzSec disbands: Final cache includes AT&T internal data and 750,000 user accounts". ZDNet. CBS Interactive. Archived from the original on 26 June 2011. Retrieved 26 June 2011.
- Rovzar, Chris (18 July 2011). "Website of Murdoch's Sun Hacked". New York Magazine. Archived from the original on 18 July 2011. Retrieved 18 July 2011.
- Anonymous (18 July 2011). "Media moguls body discovered". The Times. London. Archived from the original on 18 July 2011. Retrieved 18 July 2011.
- Mills, Elinor (18 July 2011). "Hackers target Murdoch newspaper Web site". CNET. CBS Interactive. Archived from the original on 19 July 2011. Retrieved 19 July 2011.
- "Lulz Security hackers target Sun website". BBC News. London: BBC. 18 July 2011. Archived from the original on 19 July 2011. Retrieved 19 July 2011.
- Paul, Ian (21 June 2011). "LulzSec Denies Taking U.K. Census Data". PC World. IDG. Archived from the original on 21 June 2011. Retrieved 21 June 2011.
- Halliday, Josh (22 June 2011). "LulzSec census hacking claims 'a hoax'". The Guardian. London. Archived from the original on 22 June 2011. Retrieved 22 June 2011.
- Rayner, Gordon (23 June 2011). "Hackers hit News International in revenge for coverage of teenager's arrest". The Daily Telegraph. London. Archived from the original on 24 June 2011. Retrieved 24 June 2011.
- Stevenson, Alastair (24 June 2011). "LulzSec deny revenge hacks on the Sun and Times newspaper websites". International Business Times. New York City. Archived from the original on 24 June 2011. Retrieved 24 June 2011.
- "LulzSec sails into sunset as TeaMp0isoN terrorizes Internet". 25 June 2011. Archived from the original on 29 June 2011. Retrieved 4 July 2011.
- Winter, Jana (23 June 2011). "Exclusive: Rival Hacker Group Racing Police to Expose LulzSec". Fox News. Retrieved 23 June 2011.
- Mills, Elinor (6 March 2012). "Will LulzSec arrests stop high-profile hacks? Don't bet on it". CNET. CBS Interactive. Archived from the original on 13 March 2012. Retrieved 13 March 2012.
- Halliday, Josh (24 June 2011). "LulzSec: the members and the enemies". The Guardian. London. Guardian Media Group. Archived from the original on 25 June 2011. Retrieved 25 June 2011.
- Mack, Eric (24 June 2011). "Hacker Civil War Heat Up". PC World. Archived from the original on 25 June 2011. Retrieved 25 June 2011.
- Vance, Ashlee (3 December 2010). "WikiLeaks Struggles to Stay Online After Attacks". The New York Times. Retrieved 29 December 2010.
- Chapman, Stephen (24 June 2011). "LulzSec's leader, Sabu, revealed?". ZDNet. CBS Interactive. Archived from the original on 25 June 2011. Retrieved 25 June 2011.
- Halliday, Josh (24 June 2011). "LulzSec site taken down by lone-wolf hacker". The Guardian. London. Archived from the original on 24 June 2011. Retrieved 24 June 2011.
- Pakinkis, Tom (24 June 2011). "LulzSec hacked by anti-hacking group?". ComputerAndVideoGames.com. Archived from the original on 25 June 2011. Retrieved 25 June 2011.
- Arthur, Charles; Ryan Gallagher (24 June 2011). "News Technology LulzSec LulzSec IRC leak: the full record". The Guardian. London. Guardian Media Group. Archived from the original on 25 June 2011. Retrieved 25 June 2011.
- "The Hackers Who Tried To Sink The Lulz Boat". The Smoking Gun. 1 July 2011. Retrieved 8 April 2013.
- Taylor, Jerome (26 June 2011). "Hactivist collective LulzSec disbands". The Independent. London. Archived from the original on 26 June 2011. Retrieved 26 June 2011.
- "Teenager arrested on suspicion of hacking". BBC. 21 June 2011. Retrieved 21 June 2011.
- "e-Crime unit arrest man". Metropolitan Police Service. Retrieved 21 June 2011.
- Schwartz, Matthew (21 June 2011). "Scotland Yard Busts Alleged LulzSec Mastermind". InformationWeek. San Francisco. UBM plc. Archived from the original on 21 June 2011. Retrieved 21 June 2011.
- Dodd, Vikram (22 June 2011). "Teenager Ryan Cleary charged over LulzSec hacking". The Guardian. London. Archived from the original on 22 June 2011. Retrieved 22 June 2011.
- Williams, Christopher (21 June 2011). "Hackers 'steal entire 2011 census'". The Daily Telegraph. London. Retrieved 21 June 2011.
- Martinez, Edecio (21 June 2011). "LulzSec responds to UK hacker arrest, says "we're all still here!"". CBS News. New York City. CBS Corporation. Archived from the original on 21 June 2011. Retrieved 21 June 2011.
- Hardawar, Devindra (21 June 2011). "LulzSec denies involvement in UK Census hack, suspected member arrested". VentureBeat. Archived from the original on 21 June 2011. Retrieved 21 June 2011.
- Halliday, Josh (27 June 2011). "Teen accused of attacking SOCA website released on conditional bail". The Guardian. London. Archived from the original on 27 June 2011. Retrieved 27 June 2011.
- "Two LulzSec Hackers Plead Guilty in Britain". The New York Times. The Associated Press. 25 June 2012.
- Williams, Christopher (22 June 2011). "FBI seized web servers as LulzSec suspect was arrested". The Daily Telegraph. London. Archived from the original on 22 June 2011. Retrieved 22 June 2011.
- Kopytoff, Verne (21 June 2011). "F.B.I. Seizes Web Servers, Knocking Sites Offline". The New York Times. Archived from the original on 22 June 2011. Retrieved 22 June 2011.
- Paul, Ian (29 June 2011). "FBI Steps Up Hunt for LulzSec". PC World. Archived from the original on 29 June 2011. Retrieved 29 June 2011.
- Choney, Suzanne (28 June 2011). "A female hacker in the mix?". MSNBC. NBCUniversal. Archived from the original on 30 June 2011. Retrieved 30 June 2011.
- "Finally! Hackers switch tactics and bring down Al Qaeda's communications, as FBI closes in on group after 50-day spree: FBI raids home of woman in Iowa as it continues investigation into hacking group LulzSec". Daily Mail. London. Associated Newspapers. 30 June 2011. Archived from the original on 30 June 2011. Retrieved 30 June 2011.
- Chen, Adrian (28 June 2011). "FBI Raids Iowa Woman's Home in Lulz Security Hacker Investigation". Gawker. Gawker Media. Archived from the original on 15 July 2011. Retrieved 15 July 2011.
- McMillan, Robert (29 June 2011). "With FBI raid, law enforcement circles LulzSec". Computerworld. International Data Group. Archived from the original on 30 June 2011. Retrieved 30 June 2011.
- Pack, Lauren (28 June 2011). "FBI hacking probe leads to area teen". The Middletown Journal. Middletown, Ohio. Archived from the original on 30 June 2011. Retrieved 30 June 2011.
- Arthur, Charles (29 June 2011). "LulzSec hacking suspect's house searched in Hamilton, Ohio". The Guardian. London. Archived from the original on 30 June 2011. Retrieved 30 June 2011.
- Greenberg, Andy (19 July 2011). "Hacker Arrests May Have Included Core Member Of LulzSec". Forbes. New York City. Archived from the original on 20 July 2011. Retrieved 20 July 2011.
- Sterling, Toby (21 July 2011). "Dutch give details on 4 'Anonymous' hacker arrests". The Sydney Morning Herald. Sydney. Archived from the original on 21 July 2011. Retrieved 21 July 2011.
- Albanesius, Chloe (31 July 2011). "Report: Scotland Yard Identifies LulzSec Hacker". PC Magazine. Archived from the original on 31 July 2011. Retrieved 31 July 2011.
- Prodhan, Georgina (1 August 2011). "UK teen cyber activist bailed without Internet access". London. Thomson Reuters. Archived from the original on 1 August 2011. Retrieved 1 August 2011.
- "LulzSec and Anonymous police and FBI investigation sees two more arrested". The Guardian. London. 2 September 2011. Retrieved 2 September 2011.
- "FBI Arrests Suspected LulzSec and Anonymous Hackers". Fox News. New York City. 22 September 2011. Archived from the original on 23 September 2011. Retrieved 22 September 2011.
- Gorman, Steve (23 September 2011). "Suspected LulzSec hacker arrested in Sony studio breach". Forbes. New York City. Archived from the original on 23 September 2011. Retrieved 23 September 2011.
- Slosson, Mary (5 April 2012). "Accused LulzSec hacker pleads guilty in Sony breach". MSNBC. NBCUniversal. Archived from the original on 12 April 2012. Retrieved 12 April 2012.
- Whitcomb, Dan (19 April 2013). "Hacker gets a year in prison for Sony attack". Sydney Morning Herald. Retrieved 23 April 2013.
- U.S. Attorney’s Office, Central District of California (8 August 2013). "Second Member of Hacking Group Sentenced to More Than a Year in Prison for Stealing Customer Information from Sony Pictures Computers". Federal Bureau of Investigation. Retrieved 26 December 2014.
- Caruso, David B.; Jennifer Peltz (9 March 2012). "Feds: NYC hacker also involved with drug dealing". The Boston Globe. Boston. Archived from the original on 13 March 2012. Retrieved 13 March 2012.
- Halliday, Josh (9 April 2013). "LulzSec hacktivists plead guilty to cyber-attacks on NHS, Sony and NI". The Guardian. London. Retrieved 9 April 2013.
- "Web hacker Matthew Flannery loses job, faces jail over 'joke'". The Herald. 28 August 2014. Retrieved 26 December 2014.