Anonymous, LulzSec, AntiSec, Etc.: A Brief History of Hacktivism

Members of Anonymous defaced the Websites of several local chapters of the Church of Scientology and launched distributed denial-of-service (DDoS) attacks against them. Anonymous targeted the Church of Scientology after the church forced Websites to remove a Scientology video featuring Tom Cruise. Anonymous viewed the church’s forceful effort as censorship and a threat to Internet freedom.

Anonymous set its sights on Fox News Anchor Bill O’Reilly and his fans. Members of the group hacked into Bill O’Reilly’s Website and obtained the email addresses, passwords and home addresses of 205 O’Reilly site members, which it then turned over to Wikileaks. The next day, Anonymous launched two DDoS attacks against Billoreilly.com.

Pictured here is reportedly an invitation to hack Fox News that Anonymous members circulated on one of its clandestine meeting grounds on 4chan.

Anonymous paralyzed GeneSimmons.com with a DDoS attack as part of “Operation Payback,” a campaign against individuals and organizations that aim to prevent Internet piracy. Anonymous sees the measures that groups such as the Recording Industry Association of America (RIAA) take to protect copyrighted content as a threat to Internet freedom. KISS Bassist Simmons succeeded in fueling Anonymous’s ire when he reportedly announced his desire to see every ‘freckle-faced college kid’ who illegally downloads music get sued.

Anonymous launched DDoS attacks against PayPal and other financial services companies that shut off donations to WikiLeaks after the news organization published classified cables from the U.S. State Department. In a poster (pictured) for “Operation Avenge Assange” that Anonymous circulated over the Internet, the group wrote that WikiLeaks founder Julian Assange “deifies” the principles that the hacktivist collective holds dear.

The Peoples Liberation Front struck Santa Cruz County’s Website with a DDoS attack that took it offline. According to a press release from the U.S. Justice Department, The Peoples Liberation Front executed the attack after several protesters, who had staged a demonstration at the Santa Cruz County Courthouse, were arrested. Law enforcement officials arrested them because their protest violated restrictions on camping within the city.

Joshua John Covelli (pictured) was indicted on September 22, 2011 for his alleged role in the DDoS attack against Santa Cruz County’s Website. He was previously brought up on charges for his suspected role in the DDoS attack on PayPal.

When Anonymous got wind that Aaron Barr, then CEO of security firm HBGary Federal, planned to unveil the identities of top Anonymous operatives at a security conference, the hacktivist collective made sure that didn’t happen. They hacked into HBGary Federal’s Website and seized highly sensitive emails that they posted online. The email exchanges revealed, among other things, Barr’s schemes to discredit WikiLeaks and Salon.com writer (and WikiLeaks’ supporter) Glenn Greenwald. The revelations from these emails sent the company into a tailspin. Anonymous succeeded in sending a menacing message of what can happen to people who try to mess with them.

This picture shows HBGary’s booth, which Anonymous vandalized at an RSA conference last year.

Anonymous hurled traffic at Sony’s PlayStation Network, taking down playstation.com in early April. The attacks on the PlayStation Network also compromised personal and credit card information on as many as 77 million users. Sony became aware of the breach on April 19, according to the IDG News Service, and took the network offline a day later to investigate it. Anonymous wreaked havoc with Sony’s PlayStation Network for a month, and the breach is reportedly expected to cost Sony $171 million by the end of its 2012 fiscal year.

This is what PBS’s Website looked like after LulzSec members had their way with it. The merry band of LulzSec pranksters defaced the august news organization’s site after Frontline aired the documentary WikiSecrets, about Bradley Manning’s leak of classified State Department documents to WikiLeaks. Needless to say, LulzSec members weren’t pleased with Frontline’s work.

LulzSec, which claimed while it was active that it only perpetrated attacks for the “lulz” or laughs at others’ expense, also posted a ridiculous news story about deceased rapper Tupac Shakur being found alive in New Zealand. The hackers capped off their “prank” by posting the login names, email addresses and passwords of numerous PBS members and staffers online.

The hacktivists strike Sony again. This time, LulzSec targeted Sony Pictures and broke into several of the company’s Websites and databases. LulzSec boasted on The Pirate Bay that it “compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts.” LulzSec also disclosed that it compromised all of Sony Pictures’ admin details and passwords in addition to 75,000 music codes and 3.5 million music coupons.

LulzSec defaced the Website for the Atlanta chapter of InfraGard, a cybercrime-fighting partnership between the FBI and private sector, with the pictured fake YouTube video.

LulzSec also obtained the login names and passwords of approximately 180 InfraGard users, which it released on The Pirate Bay along with damning allegations of a security company CEO’s attempt to bribe LulzSec members into eliminating his competitors. The security company CEO spoke to our sister publication CSO about his tangle with LulzSec.

LulzSec announced via Twitter and Pastebin its hack of the U.S. Senate’s Website.

LulzSec aimed its Low Orbit Ion Cannon at the CIA and launched a DDoS attack against the CIA’s Website that incapacitated it for several hours.

LulzSec announced on Twitter: “Recently we broke into (InfraGard Connecticut) via simple SQLi and compromised 1,000+ FBI-affiliated members.”

LulzSec targeted the Arizona Department of Public Safety’s computers and released hundreds of official files and emails, along with the names, email addresses, physical addresses and phone numbers of Arizona law enforcement officials. LulzSec set its sights on the Arizona Public Safety Department to protest the Arizona legislature’s passage of a law that expanded law enforcement officials’ ability to apprehend illegal immigrants.

LulzSec attacked the Website of British newspaper The Sun. They made The Sun’s Website redirect to LulzSec’s Twitter feed, and they posted a bogus news story about Rupert Murdoch dying in his topiary garden after overdosing on palladium.

Anonymous tweeted that it broke into the network of defense contractor ManTech International and threatened to release the documents it seized from ManTech’s servers.

Anonymous went after San Francisco’s Bay Area Rapid Transit (BART) system on August 14 and 15. They hacked BART’s Website, MyBart.org, and posted on the Internet the user names, last names, addresses and telephone numbers of more than 2,000 commuters on August 14, according to the IDG News Service. The next day, BART’s site was down.

Anonymous targeted BART after the transit system temporarily disconnected cell phone service for all passengers the previous week, in an effort to thwart a demonstration activists were planning to protest two fatal shootings committed by BART police officers. The protest ended up taking place on Monday, as this picture shows.

The hacktivist group AntiSec cracked a cybercrime investigator’s gmail and Google voice accounts. Group members leaked more than 38,000 of Fred Baclagan’s private emails—a veritable treasure trove for other hackers and identity thieves. According to the missive AntiSec posted after hijacking Baclagan’s accounts, the emails contained “detailed computer forensics techniques, investigation protocols as well as highly embarrassing personal information.” AntiSec also exposed several dozen of Baclagan’s voice mails and SMS text message logs. The group used Baclagan as a symbol to retaliate against other “white hat” computer security experts who are trying to thwart the efforts of Anonymous and Occupy Wall Street protestors.

Anonymous and TeaMp0isoN announced “Operation Robin Hood,” an effort to steal credit card data so that they can donate money to the poor and to protesters worldwide. The two organizations claimed that they had already seized credit card data from Chase, Bank of America and Citibank through major breaches.

Exphin1ty, a hacker associated with Anonymous and AntiSec, accessed the member database for CLEAR (Coalition of Law Enforcement and Retail) and posted online the names, phone numbers, email and home addresses, and hashed passwords of more than 2,400 law enforcement, federal, military, loss prevention and corporate professionals, according to Exphin1ty’s PasteBin dump.

An individual associated with Anonymous and AntiSec defaced the Website of the Florida Family Association, a conservative group that pressured home improvement retailer Lowes to end its advertising support for the TLC show “All-American Muslim.” To make the Florida Family Association “answer” for its “hate and divisive vitriol,” according to the Pastebin dump, the hacker exposed the names, email- and IP addresses for several of the association’s members. The hacker also threatened to expose members’ credit card information as well.

In what may be hacktivists’ most significant breach to date, AntiSec “pwnd” Stratfor, an intelligence and security company. Hackers defaced Stratfor’s Website and obtained the names, passwords, home addresses, email addresses, and credit card information for thousands of Stratfor clients. They posted much of this information online, and some of the credit card numbers were used to make donations to charities. A Pastebin post claims that AntiSec conducted the Statfor hack to investigate potential “instances of corruption, crime, and deception on the part of certain powerful actors based in the U.S. and elsewhere.”