Security company says it has tracked down the team behind attacks on the US senate, Sony Pictures, Fox.com, the US X Factor and PBS

This article is more than 9 years old

The group behind LulzSec has never made its intentions clear – apart from a website which proclaims that "we have now taken it upon ourselves to spread fun, fun, fun, throughout the entire calender [sic] year."

However Tal Be'ery, lead web researcher at Imperva, has put together a profile of LulzSec based on their own work, plus some information that is publicly available.

• LulzSec seems to be a spin-off of a group of hackers from the "Anonymous" organisation.

• They hacked HBGary and Gawker under the umbrella of the Anonymous group, but then decided to create their own "gig". Why? Probably to be independent.

• The supporting evidence for that is that the same nicks [nicknames] are used in both Anonymous hacking-related discussions (early 2011) and LulzSec (mid 2011).

• They communicate mainly via private IRC channels – and publish via Twitter and Pastebin.

• They mostly use web application vulnerabilities: they used SQL injection in the PBS hack and in (one of) the Sony hacks (against Sony Pictures).

• They also use an automated tool called Havij to harvest databases, as we can see from the leaked PBS hack screenshots.

The group is small – fewer than 10 or so. (This is confirmed separately by security researcher Rik Ferguson of Trend Micro, who comments that "it seems to be a tight-knit group – it only needs to be a few people, since all they need is a Twitter account and a web page. There's no evidence that they're a particularly sophisticated group.")

The members, according to Imperva:

• "Sabu" – HBGary hacker. Seems to be the leader.

• "Nakomis" – Coder, rumoured to be one of the coders of the phpBB bulletin board.

• "Topiary" – handles finance, such as donations and payment for services (eg botnets)

• "Tflow" – Hacker. (Rumoured.)

• "Kayla" – Hacker. Owns a big botnet.

• "Joepie91" – Website admin.

• "Avunit" – No more detail.

From hacker discussion forums, it seems they might get arrested as soon as many "real world" details on their identities get revealed, suggests Tal Be'ery.