A group claiming to have risen from the ashes of LulzSec is taking responsibility for hacking a military dating site and a technology company.
Dubbed Lulzsec Reborn, the group is picking up where the original LulzSec members left off. On Sunday, the group announced via Pastebin that the website MilitarySingles.com had been hacked, and released a file with stolen user data impacting some 170,000 user accounts. The hack was the first associated with LulzSec since a spate of high-profile arrests of several people associated with the group earlier this month. The group also claims on Twitter to have hacked CSS Corp., a global technology company that designs and manages end-to-end IT and network services, and to have dumped user data online.
On March 6, law enforcement officials announced charges against six people involved with LulzSec and other hacking groups. In a surprising twist, it was revealed that one of the hackers at the forefront of the group – Hector Xavier Monsegur, AKA “Sabu” – was actually a government informant.
Earlier this month, a video was posted to YouTube announcing that LulzSec would return.
“It is ridiculous to believe that by arresting the six prime members of Lulzsec you have stopped us,” the video said. “You haven’t stopped us – you merely disrupted the active faction. Starting from April the 1st, 2012, LulzSec will start targeting government, corporations and agencies, and quite possibly the people watching this video.”
In tweets from the LulzSec Reborn account (@lulzboatR), the group claims to have no knowledge of how the April 1 date came into play or responsibility for that particular video, and added that all hacks will be done spontaneously.
“Of course, on the Internet, anyone can claim to be whatever they want and so it’s not particularly surprising to see that it was a group calling itself LulzSec Reborn that posted a message on PasteBin announcing the hack of MilitarySingles.com,” blogged Graham Cluley, senior technology consultant at Sophos. “Email addresses, usernames, real names and – in some cases – physical addresses belonging to romance-seeking members of the military were included in the haul of information posted on the Internet. If you know anyone who has ever used the Military Singles website, it would be a good idea to tell them to change their password as a precaution – and to ensure that they are not using the same password anywhere else.”
