The tweet claiming responsibility for the CIA takedown. Sony, following a major breach of its PlayStation Network that exposed millions of accounts and credit cards, has spent the last few weeks fending off dozens of successful attacks on its networks and websites around the world. LulzSec has claimed responsibility for some of these Sony attacks including against Sony Pictures, Sony Music Japan and others. "The mainstream media are having fun criticising Sony for its poor security, but do we honestly think for a second that the XBox Live network can't be similarly [hacked]," Gray wrote. "Is there any target out there that can't be 'gotten'?"

Growing list of targets The group has also targeted the US Senate website, Nintendo, game developer Bethesda Software, FBI-affiliate Infraguard, US media company PBS and several online multiplayer games such as EVEOnline, League of Legends and Minecraft. In many of the attacks, including on Bethesda, the US Senate and pornography website pron.com, LulzSec also released sensitive data online such as the usernames and passwords of users. These lists even revealed that people with White House email addresses had signed up to watch porn. "While some people think this is a fun game that can also help point out corporate security weaknesses, the truth is that companies and innocent customers are - in the worst cases - having their personal data exposed," said Graham Cluley of computer security firm Sophos. "There are responsible ways to inform a business that its website is insecure, or it has not properly protected its data. You don't have to put innocent people at risk. What's disturbing is that so many internet users appear to support LulzSec as it continues to recklessly break the law."

LulzSec claims it is conducting the attacks "for the lulz", which is internet parlance for "for the laughs". Other attacks to hit the news recently include a breach of Gmail accounts connected to activists in China and a hack on the International Monetary Fund. Australian organisations exposed James Turner, security analyst at IBRS, said that, for Australian organisations, LulzSec was concerning. "Any thinking person would like to have a completely secure website and IT infrastructure, but perfect security is either prohibitively expensive or simply impractical so we try to strike a balance," he said.

"LulzSec is raising the issue of IT security at executive levels - which is useful - but not many Australian organisations have pots of cash sitting around that they can dive into for extra IT security budget. And they certainly don't have slack headcount just sitting on their hands waiting to spring into action." He said this meant that Australian organisations could not "do much to significantly improve their IT security in the short term, and this leaves them vulnerable to attack". "So while LulzSec is raising the issue, Australian organisations cannot immediately defend themselves. Sure, the generally low levels of security are not great, but attacking organisations because of their low security is like saying that the victim was asking for it, and that's just morally bankrupt. "Let's not forget that, ultimately, whether the attacker is a group of pranksters like LulzSec, or hardcore organised crime gangs, the outcome is the same; there is an attacker and a victim. So really, LulzSec are still muggers, but pretending to be not as bad as the other kind of muggers, who operate in secret." LulzSec v Anonymous

LulzSec's arrival on the hacking scene has caused some friction with the other notorious internet hacking collective dubbed Anonymous, which has been responsible for all manner of web attacks including taking down some Australian government websites as part of a protest against internet censorship legislation. The two groups have been taking potshots at each other over Twitter. The LulzSec telephone hotline reportedly received thousands of voicemail messages. One radio show managed to get through and published a recording of their chat online. Callers are now met with a voicemail message saying: "We are not available right now as we are busy raping your internet. Leave a message and we will get back to you whenever we feel like." After the US Senate's website was hacked over the weekend, the site was targeted a second time this week but a security spokeswoman insisted no sensitive data was exposed.

"They're getting nothing but the attacks continue," Martina Bradford, the deputy Senate sergeant at arms, said. "We've been able to stay ahead of the hackers and keep them out of the main Senate network." Hackers should use powers for good not evil Sophos's Paul Duckin said LulzSec might only be one person. "Your guess is as good as mine," he said. He said LulzSec appeared to be "attacking targets without rhyme or reason".

"It could just be one person in his own bedroom mounting [these] attacks." A poll of 1500 on the Sophos blog recently found about 40 per cent of its readers believed what LulzSec was doing was fun and that they were teaching security experts a lesson, Ducklin said. The other 60 per cent said that it was bad and not acceptable. He said LulzSec was not proving anything. "It's a bit like if you throw a brick at a bus shelter it shatters," he said. "We know it breaks; we already know that. Thanks." Ducklin said hackers, instead of using their power for evil, should donate their time to doing something useful. They could do so by visiting a site such as hackersforcharity.org. The hackersforcharity.org site helps people with little knowledge in computer security and even allows a hacker to help build a website for those in developing nations.

"If you actually have some moral spine as a hacker you can actually give that time away," Ducklin said. "Why do you have to destroy and damage stuff and leak people's personally identifiable information in order to prove a point? Why not just help people and solve the problem instead of being a part of it?" - with Reuters Loading This reporter is on Twitter: @ashermoses

This reporter is on Twitter: @bengrubb