Hacker group LulzSec on Friday offered a rather bizarre explanation for its activities, arguing that silently manipulating hacked data is worse than releasing it publicly, but admitting that it hacks organizations and accounts "because we find it entertaining."
In honor of its 1,000th tweet, LulzSec posted an admittedly pretentious manifesto of sorts, admitting that it has recently been "causing mayhem and chaos throughout the Internet."
But there are far more nefarious characters than LulzSec currently having their way with your data, the group argued.
"Do you think every hacker announces everything they've hacked? We certainly haven't, and we're damn sure others are playing the silent game," LulzSec wrote. "This is what you should be fearful of, not us releasing things publicly, but the fact that someone hasn't released something publicly."
LulzSec, for example, is "sitting on" the personal data of 200,000 Brink users, a first-person shooter from Splash Damage and Bethesda Softworks, a company that has already felt the wrath of LulzSec.
"It might make you feel safe knowing we told you, so that Brink users may change their passwords," LulzSec said. "What if we hadn't told you? No one would be aware of this theft, and we'd have a fresh 200,000 peons to abuse, completely unaware of a breach."
Is all this a warning for companies to secure their data? Perhaps. But in discussing whether or not it is evil to release the average Web users' personal data for all to see, LulzSec said simply that "this is the lulz lizard era, where we do things because we find it entertaining."
LulzSec this week, for example, released the emails and passwords of more than 62,000 people. These were not IT execs, CIOs, or the CEOs of companies with lackluster online security measures, but average Internet users. Writing Web site Writerspace.com later confirmed that 12,000 of those emails were from its database.
On its Twitter feed and Web site, LulzSec encouraged its supporters to hack into the listed accounts and wreak havoc on their digital lives—order embarrassing products from Amazon, post vulgar status updates or photos on Facebook, for example. The group argued that people reading its Twitter feed or messages "love the idea of wrecking someone else's online experience anonymously."
"We release personal data so that equally evil people can entertain us with what they do with it," LulzSec said.
The group went on to argue that "you'll forget about us in 3 months' time when there's a new scandal to gawk at, or a new shiny thing to click on via your 2D light-filled rectangle." Interestingly, they did not claim to be above the law and essentially admitted to illegal activity. "We'll continue creating things that are exciting and new until we're brought to justice, which we might well be."
Also today, LulzSec said it was not at war with Anonymous, another clandestine Web group, something confirmed by Anonymous. "To confirm, we aren't going after Anonymous. 4chan isn't Anonymous to begin with, and /b/ is certainly not the whole of 4chan. True story," LulzSec tweeted. "Saying we're attacking Anonymous because we taunted /b/ is like saying we're going to war with America because we stomped on a cheeseburger."
Anonymous differs slightly from LulzSec in that it usually goes after certain targets for political reasons. In recent weeks, for example, the group has targed the Web sites of governments that Anonymous believes are oppressing their people via Internet censorship. Anonymous usually also employs distributed denial of service (DDoS) attacks rather than massive data dumps. Police in Spain and Turkey, however, recently arrested members of Anonymous for DDoS attacks.